Sharing Cookies with Subdomains in Rails Discussion
Would it be possible for you to add subtitles in Portuguese or English? I am Brazilian, I can understand English subtitles. If you can in English it helps a lot.
Is there a strategy for sharing a login session between two different domains?
As I understand it, the episode covered sharing credentials between subdomains of the same domain. For example, foo.example.com & bar.example.com
Is there a way of sharing credentials between foo.com and bar.com?
Would this work for authenticating from a non-Rails app on a subdomain? For example, if we have a Rails app hosted at foo.com, and then a Next.js app on bar.foo.com, could the Rails app authenticate API requests coming from bar.foo.com using the session cookie?
So I'm using Devise for authentication and I've got everything working for signing up and signing in, but I need some help with signing out.
There's a 'home' controller and view that is the landing page for unauthenticated users at 'lvh.me:3000' and then there's a 'dashboards' controller and view that becomes the root path for a user who is signed in. They sign in, hit a before_action in my ApplicationController, get redirected to 'test.lvh.me:3000' where 'test' is the subdomain for the account, and see the dashboard page.
Here's my before_action to redirect once they're logged in:
    def redirect_to_subdomain
      return unless user_signed_in?

      if request.subdomain.blank?
        # On the bare domain: send the user to their first account's subdomain.
        if current_user.accounts.exists?
          redirect_to root_url(subdomain: current_user.accounts.first.subdomain)
        end
      else
        # On a subdomain: only allow it if it belongs to one of the user's accounts.
        unless current_user.accounts.pluck(:subdomain).include?(request.subdomain)
          redirect_to root_url(subdomain: current_user.accounts.first.subdomain)
        end
      end
    end
When they sign out, I want them to have their session destroyed (obviously) and then have them sent back to 'lvh.me:3000'. Currently, they sign out, the session gets destroyed (I can see the button text change and the account name disappear from the nav), but the URL remains 'test.lvh.me:3000'. I see that Devise's default sign out path helper is:

    def after_sign_out_path_for(resource_or_scope)
      scope = Devise::Mapping.find_scope!(resource_or_scope)
      router_name = Devise.mappings[scope].router_name
      context = router_name ? send(router_name) : self
      context.respond_to?(:root_path) ? context.root_path : "/"
    end

Is there some way to override this? My assumption here is that because Devise uses root_path instead of root_url, it's not taking the subdomain off of the route. Any thoughts on how to achieve what I want?
Aha! I fixed this by overriding this method in my ApplicationController with the following:
    def after_sign_out_path_for(resource_or_scope)
      scope = Devise::Mapping.find_scope!(resource_or_scope)
      router_name = Devise.mappings[scope].router_name
      context = router_name ? send(router_name) : self
      # root_url with the bare domain as host, instead of root_path, drops the subdomain.
      context.respond_to?(:root_url) ? context.root_url(:host => request.domain) : "/"
    end
Note the root_url(:host => request.domain) piece. Apparently root_url(:subdomain => false) doesn't exist. Find more discussion here: https://github.com/rails/rails/issues/2025
Would this work in the reverse situation? Where the Rails app is on a subdomain and the primary domain is pointing to a frontend app?
Is there any way to share session information between subdomains when the session_store is set to :redis_session_store?
My rails app works on subdomains like
mother.lvh.com
friend.lvh.com
brother.lvh.com
Each of these subdomains is considered a separate group which has its own users. Users from one subdomain cannot log in to another subdomain.
Since domain: :all shares the cookie with every subdomain, is there any way to set the cookie so that one user's cookie from his subdomain (e.g. friend.lvh.com) cannot be shared with different subdomains?
Each subdomain's user has their own cookies.
Suppose:
User 1 from mother.lvh.com should have value 'mother.lvh.com' in the domain of the cookie
User 2 from friend.lvh.com should have value 'friend.lvh.com' in the domain of the cookie
Can you help me with this?
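
The difference between a cookie shared through a Domain attribute (what domain: :all produces) and one scoped to a single subdomain, as an added example that is not code from the episode or from any poster. It models the browser-side matching rules of RFC 6265 using the hostnames from the post above; the Cookie struct and helper names are hypothetical, and the IP-address and public-suffix checks of the RFC are left out.

```ruby
# Added example: which hosts a browser sends a cookie to (RFC 6265, 5.1.3 and 5.3).
# Hostnames come from the post; Cookie and the helper names are hypothetical.
Cookie = Struct.new(:name, :domain, :host_only)

# RFC 6265 5.1.3: the host equals the domain or is a subdomain of it.
def domain_match?(host, domain)
  host == domain || host.end_with?(".#{domain}")
end

# Model what the browser stores when `origin_host` answers with Set-Cookie.
# domain_attr is the Domain attribute, or nil when the server omits it.
def store_cookie(name, origin_host, domain_attr = nil)
  origin_host = origin_host.downcase
  # No Domain attribute: host-only cookie, bound to the exact origin host.
  return Cookie.new(name, origin_host, true) if domain_attr.nil? || domain_attr.empty?

  domain = domain_attr.downcase.sub(/\A\./, "") # a leading dot is ignored
  # A host may only set cookies for itself or a parent domain, never a sibling.
  return nil unless domain_match?(origin_host, domain)

  Cookie.new(name, domain, false)
end

# Would the browser attach `cookie` to a request for `request_host`?
def sent_to?(cookie, request_host)
  request_host = request_host.downcase
  return request_host == cookie.domain if cookie.host_only

  domain_match?(request_host, cookie.domain)
end

HOSTS = %w[mother.lvh.com friend.lvh.com brother.lvh.com].freeze

def recipients(cookie)
  HOSTS.select { |host| sent_to?(cookie, host) }
end

# Domain=lvh.com: every subdomain receives the cookie.
shared = store_cookie("_session", "friend.lvh.com", "lvh.com")
# No Domain attribute: only friend.lvh.com receives it.
scoped = store_cookie("_session", "friend.lvh.com")
# friend.lvh.com cannot plant a cookie for its sibling mother.lvh.com.
foreign = store_cookie("_session", "friend.lvh.com", "mother.lvh.com")

puts "shared -> #{recipients(shared).join(', ')}"
puts "scoped -> #{recipients(scoped).join(', ')}"
puts "foreign stored? #{!foreign.nil?}"
```

Setting Domain=friend.lvh.com explicitly is not the same as omitting it: the explicit form also matches hosts below friend.lvh.com, while the host-only cookie matches that exact host alone.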