我有一个应用程序,用户可以登录到他们的公司子域.
def after_sign_in_path_for(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) subdomain_name = current_user.firm.subdomain if current_subdomain.nil? # logout of root domain and login by token to subdomain token = Devise.friendly_token current_user.loginable_token = token current_user.save sign_out(current_user) flash[:notice] = nil home_path = valid_user_url(token,:subdomain => subdomain_name) return home_path else if subdomain_name != current_subdomain.name # user not part of current_subdomain sign_out(current_user) flash[:notice] = nil flash[:alert] = "Sorry,invalid user or password for subdomain" end end super end
它在chrome,firefox,opera和safari中运行得非常好,但它在IE9中不起作用.我没有收到任何错误消息.从日志中我看到用户获得了sigend,当用户被重定向到主页时,他/她是未经授权的.有没有人知道发生了什么?形成日志.
Processing by SessionsController#create as HTML Parameters: {"utf8"=>"✓","authenticity_token"=>"JaffZi9f+Uyovuya8wR2u7LjG9w/3wdUDqTqONt/kFM=","user"=>{"email "=>"andreas@lizz.no","password"=>"[FILTERED]","remember_me"=>"0"},"commit"=>"Sign in"} User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."email" = ''whatever@atlatis.at' LIMIT 1 (0.0ms) begin transaction (1.0ms) UPDATE "users" SET "last_sign_in_at" = '2012-03-02 20:46:06.658370',"current_sign_in_at" = '2012-03- 02 20:56:29.481286',"sign_in_count" = 41,"updated_at" = '2012-03-02 20:56:29.482286' WHERE "users"."id" = 1 [paperclip] Saving attachments. (62.0ms) commit transaction Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."id" = 1 LIMIT 1 Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1 CACHE (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1 Redirected to http://den.lvh.me:3000/ Completed 302 Found in 182ms (ActiveRecord: 0.0ms) Started GET "/" for 127.0.0.1 at 2012-03-02 21:56:29 +0100 Processing by PrivateController#statistics as HTML Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1 Completed 401 Unauthorized in 2ms Started GET "/users/sign_in" for 127.0.0.1 at 2012-03-02 21:56:29 +0100 Processing by SessionsController#new as HTML Rendered devise/_links.erb (2.0ms) Rendered devise/sessions/new.html.erb within layouts/registration (13.0ms) Completed 200 OK in 27ms (Views: 26.0ms | ActiveRecord: 0.0ms)
解决方法
如果您跨越子域,最好只将会话cookie更改为跨域.
在初始化程序中编辑session-store.rb文件可以做到这一点.
Babyreveal::Application.config.session_store :cookie_store,key: '_babyreveal_session',:domain => ".mybabyreveal.com"
请注意.域名attribtue上的前缀.这允许跨子域访问此cookie,应用程序应该跨子域维护它的会话.可能不是100%你想要的,但它应该让你朝着正确的方向前进.
