跨子域的 Rails 3 会话在 Internet Explorer 中不起作用

发布于 2024-11-26 07:43:14 字数 549 浏览 1 评论 0原文

我正在开发一个使用子域的 Rails 3 应用程序。我使用railscasts #221“Rails 3 中的子域”(http://railscasts.com/episodes/221-subdomains-in-rails-3) 作为指南，一切都很顺利，除了在资源管理器中。

为了保持我的会话跨所有子域，我将下一行放入 session_store.rb 中，如教程所述：

MyApp.application.config.session_store :cookie_store, :key => '_myapp_session', :domain => "example.com"

我已经在 Firefox 和 Chrome 上测试了我的应用程序，它运行良好，但由于某种原因在 Internet Explorer 中根本无法运行。这种行为很奇怪，因为有时会话似乎在我的所有子域之间共享，但在其他一些子域中，我登录了一些子域，而我未登录其他子域。

我找不到任何原因，我希望有任何想法...

我正在使用 Devise 进行 Rails 3.0.5 身份验证

原文

I am working on a rails 3 application which use subdomains. I used railscasts #221 "Subdomains in rails 3" (http://railscasts.com/episodes/221-subdomains-in-rails-3) as a guide and everything goes well, except in Explorer.

To keep my session across all the subdomains I put the next line in session_store.rb as the tutorial says:

MyApp.application.config.session_store :cookie_store, :key => '_myapp_session', :domain => "example.com"

I have tested my app on Firefox and Chrome and it works well, but for some reason is not working at all in Internet Explorer. The behavior is strange because sometimes it seems the session is share across all my subdomains, but some others there are some subdomains where I am logged in and other sudomains where I am not logged in.

I can't find any reason for this and I would appreciate any idea...

I am using Devise for authentication with rails 3.0.5

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

仙女 2024-12-03 07:43:15

我相信您需要将 domain 值更改为 .example.com （前导点表示 cookie 可以跨子域使用）：

MyApp.application.config.session_store :cookie_store, :key => '_myapp_session', :domain => ".example.com"

I believe you'll need to change your domain value to .example.com (the leading dot indicates that the cookie can be used across subdomains):

MyApp.application.config.session_store :cookie_store, :key => '_myapp_session', :domain => ".example.com"

回复收藏 0 原文

谎言月老 2024-12-03 07:43:15

由于某种原因，这对于在子域上设置的任何会话数据都不起作用（rails 3.2.11）。它需要一个自定义中间件来修复它。该解决方案的摘要如下。

tl;dr：您需要编写一个自定义的机架中间件。您需要将其添加到您的 conifg/environments/[生产|开发].rb 中。这是 Rails 3.2.11 上的

Cookie 会话通常仅为您的顶级域存储。

如果您查看 Chrome ->设置->显示高级设置...->隐私/内容设置...->所有 cookie 和站点数据... ->搜索 {yourdomain.com} 您可以看到 sub1.yourdomain.com 和 othersub.yourdomain.com 和 yourdomain 会有单独的条目.com

挑战是在所有子域中使用相同的会话存储文件。

第 1 步：添加自定义中间件类

这是 Rack Middleware 的用武之地。 Rails 资源：

这是您应该在 lib 中添加的自定义类
这是由 @Nader 写的，你们都应该感谢他

# Custom Domain Cookie
#
# Set the cookie domain to the custom domain if it's present
class CustomDomainCookie
  def initialize(app, default_domain)
    @app = app
    @default_domain = default_domain
  end

  def call(env)
    host = env["HTTP_HOST"].split(':').first
    env["rack.session.options"][:domain] = custom_domain?(host) ? ".#{host}" : "#{@default_domain}"
    @app.call(env)
  end

  def custom_domain?(host)
    host !~ /#{@default_domain.sub(/^\./, '')}/i
  end
end

基本上，它的作用是会将您的所有 cookie 会话数据映射回与您的根域相同的 cookie 文件。

步骤 2：添加到 Rails 配置

现在您在 lib 中有一个自定义类，请确保自动加载它。如果这对您来说毫无意义，请查看此处：Rails 3 自动加载

首先要确保您在系统范围内使用 cookie 存储。在 config/application.rb 中，我们告诉 Rails 使用 cookie 存储。

# We use a cookie_store for session data
config.session_store :cookie_store,
                     :key => '_yourappsession',
                     :domain => :all

这里之所以提到这里，是因为 :domain =>; :all 行。还有其他人建议指定 :domain => “.yourdomain.com” 而不是 :domain => ：全部。由于某种原因，这对我不起作用，我需要如上所述的自定义中间件类。

然后在您的 config/environments/Production.rb 中添加：

config.middleware.use "CustomDomainCookie", ".yourdomain.com"

请注意，前面的点是必需的。请参阅“在父域请求中发送的子域 cookie？ ”为什么。

然后在您的 config/environments/development.rb 中添加：

config.middleware.use "CustomDomainCookie", ".lvh.me"

lvh.me 技巧映射到本地主机。太棒了。请参阅此有关子域的 Railscast 和此注释了解更多信息。

希望这应该能做到。老实说，我并不完全确定为什么这个过程如此复杂，因为我觉得跨子域网站很常见。如果有人对每个步骤背后的原因有任何进一步的见解，请在评论中启发我们。

For some reason this did not work (rails 3.2.11) for any session data that was set on a subdomain. It took a piece of custom Middleware to fix it. A summary of that solution is below.

tl;dr: You need to write a custom Rack Middleware. You need add it into your conifg/environments/[production|development].rb. This is on Rails 3.2.11

Cookie sessions are usually stored only for your top level domain.

If you look in Chrome -> Settings -> Show advanced settings… -> Privacy/Content settings… -> All cookies and site data… -> Search {yourdomain.com} You can see that there will be separate entries for sub1.yourdomain.com and othersub.yourdomain.com and yourdomain.com

The challenge is to use the same session store file across all subdomains.

Step 1: Add Custom Middleware Class

This is where Rack Middleware comes in. Some relevant rack & rails resources:

Railscasts about Rack
Railsguide for Rack
Rack documentation for sesssions abstractly and for cookie sessions

Here is a custom class that you should add in the lib
This was written by @Nader and you all should thank him

# Custom Domain Cookie
#
# Set the cookie domain to the custom domain if it's present
class CustomDomainCookie
  def initialize(app, default_domain)
    @app = app
    @default_domain = default_domain
  end

  def call(env)
    host = env["HTTP_HOST"].split(':').first
    env["rack.session.options"][:domain] = custom_domain?(host) ? ".#{host}" : "#{@default_domain}"
    @app.call(env)
  end

  def custom_domain?(host)
    host !~ /#{@default_domain.sub(/^\./, '')}/i
  end
end

Basically what this does is that it will map all of your cookie session data back onto the exact same cookie file that is equal to your root domain.

Step 2: Add To Rails Config

Now that you have a custom class in lib, make sure are autoloading it. If that meant nothing to you, look here: Rails 3 autoload

The first thing is to make sure that you are system-wide using a cookie store. In config/application.rb we tell Rails to use a cookie store.

# We use a cookie_store for session data
config.session_store :cookie_store,
                     :key => '_yourappsession',
                     :domain => :all

The reason this is here is mentioned here is because of the :domain => :all line. There are other people that have suggested to specify :domain => ".yourdomain.com" instead of :domain => :all. For some reason this did not work for me and I needed the custom Middleware class as described above.

Then in your config/environments/production.rb add:

config.middleware.use "CustomDomainCookie", ".yourdomain.com"

Note that the preceding dot is necessary. See "sub-domain cookies, sent in a parent domain request?" for why.

Then in your config/environments/development.rb add:

config.middleware.use "CustomDomainCookie", ".lvh.me"

The lvh.me trick maps onto localhost. It's awesome. See this Railscast about subdomains and this note for more info.

Hopefully that should do it. I honestly am not entirely sure why the process is this convoluted, as I feel cross subdomain sites are common. If anyone has any further insights into the reasons behind each of these steps, please enlighten us in the comments.

回复收藏 0 原文

~没有更多了~