我有一个应用程序,用户可以登录到他们的公司子域.
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
subdomain_name = current_user.firm.subdomain
if current_subdomain.nil?
# logout of root domain and login by token to subdomain
token = Devise.friendly_token
current_user.loginable_token = token
current_user.save
sign_out(current_user)
flash[:notice] = nil
home_path = valid_user_url(token,:subdomain => subdomain_name)
return home_path
else
if subdomain_name != current_subdomain.name
# user not part of current_subdomain
sign_out(current_user)
flash[:notice] = nil
flash[:alert] = "Sorry,invalid user or password for subdomain"
end
end
super
end
它在chrome,firefox,opera和safari中运行得非常好,但它在IE9中不起作用.我没有收到任何错误消息.从日志中我看到用户获得了sigend,当用户被重定向到主页时,他/她是未经授权的.有没有人知道发生了什么?形成日志.
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓","authenticity_token"=>"JaffZi9f+Uyovuya8wR2u7LjG9w/3wdUDqTqONt/kFM=","user"=>{"email
"=>"andreas@lizz.no","password"=>"[FILTERED]","remember_me"=>"0"},"commit"=>"Sign in"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE
"users"."email" = ''whatever@atlatis.at' LIMIT 1
(0.0ms) begin transaction
(1.0ms) UPDATE "users" SET
"last_sign_in_at" = '2012-03-02 20:46:06.658370',"current_sign_in_at" = '2012-03-
02 20:56:29.481286',"sign_in_count" = 41,"updated_at" = '2012-03-02 20:56:29.482286' WHERE "users"."id" = 1
[paperclip] Saving attachments.
(62.0ms) commit transaction
Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."id" = 1 LIMIT 1
Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
CACHE (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
Redirected to http://den.lvh.me:3000/
Completed 302 Found in 182ms (ActiveRecord: 0.0ms)
Started GET "/" for 127.0.0.1 at 2012-03-02 21:56:29 +0100
Processing by PrivateController#statistics as HTML
Firm Load (0.0ms) SELECT "firms".* FROM "firms" WHERE "firms"."subdomain" = 'den' LIMIT 1
Completed 401 Unauthorized in 2ms
Started GET "/users/sign_in" for 127.0.0.1 at 2012-03-02 21:56:29 +0100
Processing by SessionsController#new as HTML
Rendered devise/_links.erb (2.0ms)
Rendered devise/sessions/new.html.erb within layouts/registration (13.0ms)
Completed 200 OK in 27ms (Views: 26.0ms | ActiveRecord: 0.0ms)
解决方法
如果您跨越子域,最好只将会话cookie更改为跨域.
在初始化程序中编辑session-store.rb文件可以做到这一点.
Babyreveal::Application.config.session_store :cookie_store,key: '_babyreveal_session',:domain => ".mybabyreveal.com"
请注意.域名attribtue上的前缀.这允许跨子域访问此cookie,应用程序应该跨子域维护它的会话.可能不是100%你想要的,但它应该让你朝着正确的方向前进.