Rails - Multiple top level domains and a single session/cookie

长发绾君心 2020-12-14 18:50

I've been struggling with this for quite a while and haven't been able to find a solution. I need a user to be able to view multiple top level domains with a single login.

5 answers
  • 2020-12-14 19:30

    For sub-domains in Rails 2.3

    ActionController::Base.session = { :domain => ".mydomain.com" }
    

    For top-level domains try this middleware.

    I've been playing with the above middleware at the moment and it does not quite work as expected. If you do use the middleware you do not need the above code as it handles sub-domains as well.

  • 2020-12-14 19:48

    You will probably need something like RubyCAS if you want authentication across domains regardless of whether they're top-level or subdomains.

  • 2020-12-14 19:50

    Your question is not really precise enough IMHO. Do you want a single cookie for all Rails apps you have or is it within the context of a single one? If the former, you want to look at solutions using database-backed sessions or something along the line of RubyCAS to implement the CAS protocol.

  • 2020-12-14 19:55

    This one is a bit tricky. Since cookies can only be assigned to (and retrieved from) the current domain ("forms.example.com", say) and parent domains (".example.com", but not ".com"), but NOT to other domains ("othersite.com"), you'll have to find yourself another solution. This has nothing to do with Rails, but with how cookies work.

    EDIT: Sessions rely on a client-specific handle, stored in a cookie, which is why sessions also don't work cross-domain.

    This site has one possible solution for creating a cross-domain cookie, and it's the cleanest way I know of, although it may have some security implications. A more complicated version would have the servers communicate directly through some secure channel.

    If you're looking for a more general-purpose single-login service, try implementing some form of OpenID.

  • 2020-12-14 19:57

    Both Keltia and zuk are right; the answer is RubyCAS. We have done that integration, and it allows:

    SSI - Single Sign-In: you sign in to one site and you are automatically signed in to the other.

    SSO - Single Sign-Out: you sign out from one site and you are automatically signed out from the other.

    For us this is a proven solution and not a hard one to implement.

    We are using it in http://www.cabslk.com and www.ticketslk.com

    cheers, Sameera
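
The answers above point to CAS-style single sign-on because a cookie cannot span top-level domains. As an added illustration (not code from this thread or from RubyCAS), the Ruby sketch below shows the ticket handoff such a scheme relies on, modelled on CAS service tickets. The class names, the 30-second lifetime and the in-memory store are assumptions, and the direct method call stands in for an HTTPS back-channel request.

```ruby
require "securerandom"

# Login server on its own domain; the only host holding the login cookie.
class TicketIssuer
  TTL = 30 # seconds a ticket stays valid (assumed value)

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @tickets = {} # ticket => { user:, service:, expires: }
  end

  # Issued after login and handed to the other site in a redirect URL.
  # Random, short-lived, and bound to the one service that asked for it.
  def issue(user, service)
    ticket = "ST-#{SecureRandom.urlsafe_base64(32)}"
    @tickets[ticket] = { user: user, service: service, expires: @clock.call + TTL }
    ticket
  end

  # Called server-to-server by the consuming site. Deleting on first lookup
  # makes the ticket single-use, so a URL leaked through logs cannot be replayed.
  def validate(ticket, service)
    entry = @tickets.delete(ticket)
    return nil if entry.nil? || @clock.call > entry[:expires]
    return nil unless entry[:service] == service
    entry[:user]
  end
end

# Site on another top-level domain. It never sees the login server's cookie;
# it trades the ticket for a user name and opens a session of its own.
class ServiceSite
  attr_reader :sessions

  def initialize(url, issuer)
    @url = url
    @issuer = issuer
    @sessions = {}
  end

  def callback(ticket)
    user = @issuer.validate(ticket, @url)
    return nil unless user
    sid = SecureRandom.hex(16)
    @sessions[sid] = user
    sid # value for this site's own Set-Cookie header
  end
end
```

Each site ends up with its own session cookie on its own domain; only the one-time ticket ever crosses between them.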
