Rails 3 - "indefinite" sessions when changing session_store to :domain => :all
I currently have cookie based sessions. I am trying to allow access to all subdomains on my system with the same session, so users will only login once and be granted access through my site (section1.mysite.com, section2.mysite.com, etc).
I have updated my config/initializers/session_store.rb like so:
Mysite::Application.config.session_store :cookie_store, :key => '_mysite_session', :domain => :all
#Mysite::Application.config.session_store :cookie_store, :key => '_mysite_session'
The commented out line shows what I had before. Now, this works great if I was logged out (had no cookie session saved) when I restarted the server. However, if I had a cookie session for the first configuration, when I switch to :domain => all, I cannot destroy that session. The user is indefinitely logged in, because the session will not destroy. Users are not able to log out from their sessions where the login was on the commented out session configuration, and they attempt to log out once the new config is in place.
Things I've tried:
* changing the security_token didn't seem to help
* changing the session_store key didn't seem to help (I'm confused about this... I thought it should work)
* for the life of me I can't find out how to manually delete the sessions
No matter what I do, anyone logged in before I make this change cannot logout once I do.
Thanks in advance for your help!
Ben
Comments (1)
Shouldn't the :domain option be plural, as in :domains? In your case, that would do:
And in order to get rid of your persistent session, you may want to clear your browser cookies.
Update:
To get rid of users' cookies, edit the following Rails file:
app/config/initializers/secret_token.rb:
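Added example, not part of the question or the answer above and not the contents of secret_token.rb: a small Ruby model of the browser cookie store (RFC 6265, section 5.3) showing that a host-only `_mysite_session` cookie set under the old configuration and a domain-wide one set after `:domain => :all` are separate entries, so expiring one leaves the other in place. The `CookieJar` class, `logout_demo`, the cookie values, and the assumption that `:domain => :all` is emitted as `Domain=.mysite.com` are illustrative.

```ruby
# Constructed model of a browser cookie store; names and values are made up.
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :host_only, :created)

  def initialize
    @store = {}
    @clock = 0
  end

  # Apply one Set-Cookie from `host`. domain: nil means "no Domain attribute".
  def set(host, name, value, domain: nil, expired: false)
    dom = domain ? domain.sub(/\A\./, '').downcase : host.downcase
    return unless domain.nil? || domain_match?(host, dom) # ignore foreign domains
    key = [name, dom, '/']                                # store key: name + domain + path
    if expired
      @store.delete(key)
    else
      old = @store[key]
      @store[key] = Cookie.new(name, value, dom, domain.nil?, old ? old.created : (@clock += 1))
    end
  end

  # Values the browser would send to `host` for `name`, oldest first.
  def sent_to(host, name)
    @store.values
          .select { |c| c.name == name && (c.host_only ? c.domain == host : domain_match?(host, c.domain)) }
          .sort_by(&:created).map(&:value)
  end

  private

  def domain_match?(host, dom)
    host == dom || host.end_with?(".#{dom}")
  end
end

def logout_demo
  jar  = CookieJar.new
  host = 'section1.mysite.com'
  jar.set(host, '_mysite_session', 'old-login')                        # old config: host-only cookie
  jar.set(host, '_mysite_session', 'new-login', domain: '.mysite.com') # assumed effect of :domain => :all
  before = jar.sent_to(host, '_mysite_session')
  jar.set(host, '_mysite_session', '', domain: '.mysite.com', expired: true) # logout under new config
  after_logout = jar.sent_to(host, '_mysite_session')
  jar.set(host, '_mysite_session', '', expired: true)                  # extra expiry with no Domain
  { before: before, after_logout: after_logout, after_host_only_expiry: jar.sent_to(host, '_mysite_session') }
end
```

In this model the stale host-only cookie survives the domain-wide logout and only disappears when an expiry is sent without a Domain attribute.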