
Access session across subdomains (Rails 4)

Hi, I have a multitenant Rails 4 application that has a simple sign-in solution. However, each user has a subdomain that the user gets redirected to after login.

The problem is that as they arrive at the subdomain they are not logged in anymore due to the known problem that sessions are not shared across subdomains.

I have tried several different solutions to this problem; however, I do not get the session to persist across subdomains. I believe this might be due to my development environment?

I have tried all answers to this question: Share session (cookies) between subdomains in Rails?

Nothing seems to work. Is there something I'm missing here? Is it the browser or Rails 4 or...? How should I approach this problem?

Edit: My sessions_store initializer:

Imagesite::Application.config.session_store :cookie_store, key: '_imagesite_session', :domain => "imagesite.dev"

I have also tried ".imagesite.dev" and :all.

I also tried the solution described by Evan at the other question linked above.

Examples of subdomains: "ole.imagesite.dev" or "ole2.imagesite.dev", just a basic subdomain based on what the user has entered as his/her subdomain.

Ole Henrik Skogstrøm asked Oct 04 '13 15:10


2 Answers

I finally solved it!

I had to set the domain when I create the auth_token cookie, like this:

cookies[:auth_token] = { value: user.auth_token, domain: ".lvh.me" }

and like this to delete the cookie:

cookies.delete(:auth_token, :domain => '.lvh.me')

Complete example:

  def create
    # Accept either a username or an e-mail address in the same field.
    user = User.find_by_username(params[:username])
    user ||= User.find_by_email(params[:username])
    if user && user.authenticate(params[:password])
      # session[:user_id] = user.id
      # Scope the cookie to the parent domain so every subdomain receives it.
      if params[:remember_me]
        cookies.permanent[:auth_token] = { value: user.auth_token, domain: ".lvh.me" }
      else
        cookies[:auth_token] = { value: user.auth_token, domain: ".lvh.me" }
      end
      redirect_to root_url(:subdomain => "#{current_user.subdomain}"), notice: "You are now logged in."
    else
      flash.now.alert = "Email or password is invalid"
      render "new"
    end
  end

  def destroy
    # session[:user_id] = nil
    # The domain must match the one used when the cookie was set.
    cookies.delete(:auth_token, :domain => '.lvh.me')
    redirect_to root_url(:subdomain => false), notice: "Logged out"
  end

Ole Henrik Skogstrøm answered Nov 03 '22 16:11


With Rails 4.2.5.1, the following works for me:

Rails.application.config.session_store :cookie_store, key: '_magic_session', tld_length: 2

Yes, without the domain: option.

Update: It's better to set the domain: option to :all.

Rails.application.config.session_store :cookie_store, key: '_magic_session', domain: :all, tld_length: 2

It may have to be domain: "magic.com" if env["HTTP_HOST"] holds an IP address, not a domain name, in the development environment or behind a proxy. For nginx, proxy_set_header HOST $host:$server_port; can preserve the domain name.

builder answered Nov 03 '22 15:11
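
Added example (not part of either answer, and not Rails' own code): a simplified Ruby model of how a `domain: :all` / `tld_length` setting resolves to a cookie Domain attribute, and of which hosts then receive the cookie, including every other tenant subdomain. It assumes the last `tld_length` labels of the request host are kept and that an IP-address host gets no Domain attribute; all function names are hypothetical.

```ruby
# Simplified model of cookie domain scoping (added example, not Rails source).

IP_HOST = /\A[\d.]+\z/

# Resolve the Domain attribute for `domain: :all` with a given tld_length.
# Assumption: the last `tld_length` labels of the request host are kept.
# Returns nil when no Domain attribute is set (a host-only cookie).
def resolve_cookie_domain(host, tld_length)
  return nil if host =~ IP_HOST            # e.g. app reached by IP or behind a proxy
  labels = host.split(".")
  return nil if labels.size < tld_length   # host too short to match
  "." + labels.last(tld_length).join(".")
end

# RFC 6265 domain matching: would the browser send the cookie to request_host?
def cookie_sent_to?(cookie_domain, set_by_host, request_host)
  # Host-only cookie: returned only to the exact host that set it.
  return request_host == set_by_host if cookie_domain.nil?
  bare = cookie_domain.sub(/\A\./, "")
  request_host == bare || request_host.end_with?("." + bare)
end

# For a cookie set by set_by_host, map each request host to true/false.
def delivery_report(set_by_host, tld_length, request_hosts)
  domain = resolve_cookie_domain(set_by_host, tld_length)
  request_hosts.map { |h| [h, cookie_sent_to?(domain, set_by_host, h)] }.to_h
end

if __FILE__ == $0
  # Constructed sample hosts, based on the names used in the question.
  hosts = %w[imagesite.dev ole.imagesite.dev ole2.imagesite.dev notimagesite.dev]
  [["imagesite.dev", 2], ["ole.imagesite.dev", 3], ["127.0.0.1", 2]].each do |host, tld|
    puts "set by #{host}, tld_length #{tld}: " \
         "Domain=#{resolve_cookie_domain(host, tld).inspect}"
    delivery_report(host, tld, hosts).each { |h, sent| puts "  #{h}: #{sent}" }
  end
end
```
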