配置 Rails App 处理多个子域和多个 cookie
我有一个支持多个域的rails应用程序,每个域可能有多个子域。
访问 mydomain1.com 的用户不会获得与 mydomain2.com 相同的体验(尽管应用程序的基本行为是相同的)
因此,如果用户登录到 mydomain1.com,则不应再登录到 mydomain2 .com
如果用户登录到 france.mydomain1.com,那么它应该登录到 germany.mydomain1.com
之前,我通过在会话存储配置中设置域来处理此问题:
MyApp::Application.config.session_store :cookie_store, :key => '_MyApp_session', :domain => APP_CONFIG[:domain]
我正在尝试找出处理多个域的最佳方法?
我尝试过破解 ActionDispatch::Callback 但该请求在其中不可用。
有人能建议一种在一个应用程序中支持多个 cookie 的好方法吗?
理想情况下,我想为每个子域创建一个新的cookie。
I have a rails app which supports multiple domains and each domain may have multiple subdomains.
Users visiting mydomain1.com do not receive the same experience as mydomain2.com (although the base behaviour of the apps is the same)
Therefore, if a user is logged in to mydomain1.com, it shouldn't then be logged in to mydomain2.com
If a user is logged in to france.mydomain1.com, it should then be logged in to germany.mydomain1.com
Previously, I've handled this by setting the domain in the session store configs:
MyApp::Application.config.session_store :cookie_store, :key => '_MyApp_session', :domain => APP_CONFIG[:domain]
I'm trying to work out the best way to handle this with multiple domains?
I've tried hacking around ActionDispatch::Callback but the request is not available from within there.
Can anybody suggest a good way of supporting multiple cookies from within one app?
Ideally I'd like to create a fresh cookie for each subdomain.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您应该这样做:
即您的域名应该以点开头。
You should do that:
I.e. your domain should start with the dot.
这不应该是一个问题,因为 cookie 仅对每个域有效。您可以为
example1.com拥有一个_MyApp_session,为example2.com拥有一个。 cookie 由浏览器管理,并且仅在域匹配时才发送到主机。假设您访问 example1.com 并登录,您将获得一个值为
abcdef123的 cookie。然后您登录 example2.com,您将获得另一个带有随机字符串uvwxyz890的 cookie。如果您稍后返回 example1.com,浏览器将仅向您的应用程序发送对此域有效的 cookie。您的应用程序无需管理任何内容,您也无需破解任何内容。
It shouldn't be an issue as cookies are only valid per domain. You can have a
_MyApp_sessionforexample1.comand one forexample2.com. The cookies are managed by the browser and only sent to the host if the domain matches.Say you visit example1.com and log in and you will get a cookie with the value
abcdef123. Then you log into example2.com and you will get another cookie with a random stringuvwxyz890.If you return to example1.com later, the browser will only send the cookies that are valid for this domain to your app. Your app won't have to manage anything and you don't have to hack anything.