如何在支持rails saas软件的cname转发中处理会话域
我已阅读
我无法获得以下设置的解决方案:
- Rails 中的 SaaS Web 应用程序在 example.com 下运行
- 所有用户都有一个 sumbdomain,例如 user1.example.com
- 用户可以创建一个 cname 转发,例如。 exampleapp.user1.com -> user1.example.com
一切正常,直到用户尝试通过 exampleapp.user1.com 登录。 SaaS 应用程序无法正确设置会话域,因为它在应用程序启动时配置为静态。
config.action_controller.session = {
:session_key => '_example_session',
:domain => ".example.com",
:secret => 'abc'
}
请求失败并返回 ActionController::InvalidAuthenticityToken
。这是正确的,因为域从 .example.com
更改为 exampleapp.user1.com
。
如何在运行时更改域配置?我知道“传入”域 exampleapp.user1.com
属于 user1
,所以我想在控制器中执行类似的操作:
session :domain => 'exampleapp.user1.com'
或者我可以始终设置会话吗当前请求域上的域? 我知道这是可能的,因为某些应用程序提供了该功能。
提前致谢!
I have read
- How to give cname forward support to saas software
- Rails - Multiple top level domains and a single session/cookie
But I am unable to get a solution for the following setup:
- A SaaS Webapp in Rails is running under example.com
- All users have a sumbdomain e.g. user1.example.com
- Users can create a cname forwarding eg. exampleapp.user1.com -> user1.example.com
It is all working until a user tries to log in via exampleapp.user1.com. The SaaS app fails to set the session domain right, because it is configured static on app startup.
config.action_controller.session = {
:session_key => '_example_session',
:domain => ".example.com",
:secret => 'abc'
}
The Request fails with a ActionController::InvalidAuthenticityToken
. And that is correct, because the domain changed from .example.com
to exampleapp.user1.com
.
How do I change the domain config during runtime? I know that the "incoming" domain exampleapp.user1.com
belongs to user1
, so I want to do something like that in the controller:
session :domain => 'exampleapp.user1.com'
Or can I always set the session domain on the current request domain?
I know that it's possible somehow, because some apps provide that functionality.
Thanks in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
:域=> :所有 cookie 配置都可以工作。
对于 CNAME 域名,它将设置为 .theirdomain.com
对于您的自定义子域,它将转到 .yourdomain.com,这可能会或可能不好
:domain => :all on the cookie config may work.
For CNAME'd domains, it will be set to .theirdomain.com
For your custom subdomain, it will go to .yourdomain.com, which may or may not be good
只是不要设置域,因为显然您不需要在 example.com 和 user1.example.com 之间共享会话 cookie。如果不指定域,则仅为当前请求域设置默认 cookie 行为。
Just don't set the domain, since apparently you don't need to share a session cookie across example.com and user1.example.com. By not specifying a domain, the default cookie behavior is just to be set for the current request domain.