Anyone: I need advice for logging users in when the account information is in a subdomain off the main domain where the login form resides. I purchased a rails-based framework that by design uses subdomains for user accounts. So, let''s say my "main" domain where the login page is is called live.acme.com. The way I managed login before was the form on the main home page just asked for a login or email, and when an interim action handler (SessionsController#user_login) it found a user''s account, it redirected to: <useraccountname>.live.acme.com/session/new There a login form posting to "/session" provided the credentials inputs to log the user in. User supplies login and password, and the post works great, they get logged in and redirected to their home page. This 2 step process has proven horribly unpopular among my users and I have other reasons for wanting to truncate that process and log the user in programmatically, e.g., at account creation they want to just be logged in, and I want to redirect subscribers right to the billing page where they can consummate a purchase. The vendor has so far not responded to my plea for advice. Ripping the subdomain logic out was briefly attempted, did not go well, it permeates everything about how the framework operates. My problem is that when I authenticate the user in the interim action (the one that ordinarily just redirects to /session/new) and attempt to take them to the home page as freshly logged in users, they are mysteriously no longer logged in, and it basically takes them to /session/new. Logging confirms that they are logged_in? in this process, but once the redirect happens to the subdomain, apparently they are not. This, even if I copy the very code in the #create action that works fine when called from /session/new into a method that I call from the interim action handler (SessionsController#user_login). I''ve tried all kinds of different ways to simulate a post from /session/new to /session in that action handler but no luck. I must be missing some piece of information that would lead to my "Well, duh" moment but it is eluding me right now. Is there something in the session object I can manipulate? It''s using cookie storage. FYI, this is Rails 2.3.2 (yes, I know about the security problem, will apply the patch as soon as I''m done with this code update). Thanks in advance, Bob -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Frederick Cheung
2011-Mar-02 19:14 UTC
Re: Logging in when user account captured by subdomain
On 2 Mar 2011, at 18:54, Robert Calco <bobcalco-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Anyone: > > > My problem is that when I authenticate the user in the interim action (the one that ordinarily just redirects to /session/new) and attempt to take them to the home page as freshly logged in users, they are mysteriously no longer logged in, and it basically takes them to /session/new. Logging confirms that they are logged_in? in this process, but once the redirect happens to the subdomain, apparently they are not. This, even if I copy the very code in the #create action that works fine when called from /session/new into a method that I call from the interim action handler (SessionsController#user_login). > > I''ve tried all kinds of different ways to simulate a post from /session/new to /session in that action handler but no luck. I must be missing some piece of information that would lead to my "Well, duh" moment but it is eluding me right now. Is there something in the session object I can manipulate? It''s using cookie storage. FYI, this is Rails 2.3.2 (yes, I know about the security problem, will apply the patch as soon as I''m done with this code update).I''d check the domain that being set on the session cookie (assuming logged-in-ness is stored in the session. If stored in a separate cookie then check that cookie Fred> > Thanks in advance, > > Bob > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Actually after much banging of my head on the wall, the obvious hit me: I need to specify the :host on the redirect to the full domain of the user account! Doh! "Well, duh!" ;) Thanks Frederick for your suggestion, it helped. - Bob On Wed, Mar 2, 2011 at 7:14 PM, Frederick Cheung <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > On 2 Mar 2011, at 18:54, Robert Calco <bobcalco-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > Anyone: > > > My problem is that when I authenticate the user in the interim action (the > one that ordinarily just redirects to /session/new) and attempt to take them > to the home page as freshly logged in users, they are mysteriously no longer > logged in, and it basically takes them to /session/new. Logging confirms > that they are logged_in? in this process, but once the redirect happens to > the subdomain, apparently they are not. This, even if I copy the very code > in the #create action that works fine when called from /session/new into a > method that I call from the interim action handler > (SessionsController#user_login). > > I''ve tried all kinds of different ways to simulate a post from /session/new > to /session in that action handler but no luck. I must be missing some piece > of information that would lead to my "Well, duh" moment but it is eluding me > right now. Is there something in the session object I can manipulate? It''s > using cookie storage. FYI, this is Rails 2.3.2 (yes, I know about the > security problem, will apply the patch as soon as I''m done with this code > update). > > > I''d check the domain that being set on the session cookie (assuming > logged-in-ness is stored in the session. If stored in a separate cookie then > check that cookie > > Fred > > > Thanks in advance, > > Bob > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.