Forum: Ruby on Rails Changing URL from domain.com to subdomain.domain.com on login

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ram (Guest)
on 2009-04-10 14:26
(Received via mailing list)
Hi all,

Ive got a login form for users with the fields subdomain, username and
password. This is at the URL http://domain.com.

When the user submits the form and login is successful, i need the URL
to change to http://subdomain.domain.com/whatever.
How can I do this?

My try was

if no_subdomain?
    redirect_to "http://#{params[:subdomain]}.domain.com/whatever"
else
    redirect_to whatever_path
end

But I think the session data is lost when you redirect like above. So
it takes me back to the login form.
Any ideas?
Frederick C. (Guest)
on 2009-04-10 14:53
(Received via mailing list)
On Apr 10, 11:26 am, Ram <removed_email_address@domain.invalid> wrote:
> Hi all,
>
> Ive got a login form for users with the fields subdomain, username and
> password. This is at the URLhttp://domain.com.
>
> When the user submits the form and login is successful, i need the URL
> to change tohttp://subdomain.domain.com/whatever.
> How can I do this?

You need to set your session cookie to apply to the whole domain (so
that when it is set from the page at domain.com it is also sent when
the browser requests subdomain.domain.com. It's one of the session
options you can set in environment.rb

Fred
Andrew T. (Guest)
on 2009-04-11 07:37
(Received via mailing list)
> that when it is set from the page at domain.com it is also sent when
>>     redirect_to whatever_path
>> end
>>
>> But I think the session data is lost when you redirect like above. So
>> it takes me back to the login form.
>> Any ideas?

Set the following in your config/environments/production.rb file:
ActionController::Base.session_options[:session_domain] = 'domain.com'
This will store the session cookie on domain.com which will then also
be readable on subdomain.domain.com

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

"I have never let my schooling interfere with my education" - Mark Twain
Ram (Guest)
on 2009-04-11 14:44
(Received via mailing list)
Hi Fred, Andrew,

Thanks a lot! I did some searching on this. Mainly because it still
isnt working for me.

It still leads me back to the login page after failing the
before_filter :login_required callback on dashboard_controller.

Im using Rails 2.1.0 so I understand the option is still
session_options[:session_domain] for me (as opposed to session_options
[:domain] for 2.2.0+)

By the way, ive tried setting ActionController::Base.session_options
[:session_domain] to both 'domain.com' and '.domain.com' but both give
me the problems.

Any idea what might be wrong?

On Apr 11, 8:37 am, Andrew T. <removed_email_address@domain.invalid>
Frederick C. (Guest)
on 2009-04-11 14:50
(Received via mailing list)
On Apr 11, 11:43 am, Ram <removed_email_address@domain.invalid> wrote:
> Im using Rails 2.1.0 so I understand the option is still
> session_options[:session_domain] for me (as opposed to session_options
> [:domain] for 2.2.0+)
>
> By the way, ive tried setting ActionController::Base.session_options
> [:session_domain] to both 'domain.com' and '.domain.com' but both give
> me the problems.
>
> Any idea what might be wrong?

Have you checked that the cookie is getting stored with the
appropriate domain  (and that you don't have excess session cookies
left hanging around from your experimentations) ?

Fred
Ram (Guest)
on 2009-04-11 15:01
(Received via mailing list)
I guessed I should be checking that but I really couldnt figure out
HOW to check them!
I use restful_authentication so where in the flow should i be raising
an exception and what should i be throwing up to debug?
Im actually pretty sure there're excess cookies hanging around.
Because when I go to domain.com/login, it takes me right in and gives
me a routing error cos of the subdomain absence. when i type in the
url domain.com/logout, it goes to the login page, fails
in :not_logged_in_required and takes me into the app again and throws
the same routing error. So there is definitely a session hanging
around. How do i clean that up?

On Apr 11, 3:49 pm, Frederick C. <removed_email_address@domain.invalid>
Frederick C. (Guest)
on 2009-04-11 15:10
(Received via mailing list)
On Apr 11, 12:01 pm, Ram <removed_email_address@domain.invalid> wrote:
> I guessed I should be checking that but I really couldnt figure out
> HOW to check them!

Wasn't thinking of anything more sophisticated than checking in your
browser's preferences.

Fred
Ram (Guest)
on 2009-04-11 15:26
(Received via mailing list)
:D <duh...>

ok i cleared the relevant cookies in Safari and its working now.

But Firefox is throwing me the InvalidAuthenticityToken error when i
try to login. any idea why?

On Apr 11, 4:09 pm, Frederick C. <removed_email_address@domain.invalid>
Frederick C. (Guest)
on 2009-04-11 15:32
(Received via mailing list)
On Apr 11, 12:25 pm, Ram <removed_email_address@domain.invalid> wrote:
> :D <duh...>
>
> ok i cleared the relevant cookies in Safari and its working now.
>
> But Firefox is throwing me the InvalidAuthenticityToken error when i
> try to login. any idea why?

maybe it also had duff cookies? authenticity tokens are based on the
session, so if the session is  messed up, so would they.

Fred
Ram (Guest)
on 2009-04-11 15:41
(Received via mailing list)
:) I checked that the first time, of course. I know I came off a lil
dim last time but come on :D

I dumped all the cookies and authentication data and all other private
data twice and restarted FF and checked again to make sure nothings
hanging around and then cleared it again and I tried logging in :).
IAT error. Any other possible causes?

I'll start googling. Thanks for your help Fred. really appreciate it.

On Apr 11, 4:31 pm, Frederick C. <removed_email_address@domain.invalid>
Frederick C. (Guest)
on 2009-04-11 16:24
(Received via mailing list)
On Apr 11, 12:40 pm, Ram <removed_email_address@domain.invalid> wrote:
> :) I checked that the first time, of course. I know I came off a lil
> dim last time but come on :D
>
> I dumped all the cookies and authentication data and all other private
> data twice and restarted FF and checked again to make sure nothings
> hanging around and then cleared it again and I tried logging in :).
> IAT error. Any other possible causes?
>

The actual domains used might be relevant - browsers won't let you set
the cookie domain to certain things, for example .domain.com is fine,
but .com isn't. The number of components you need does vary, for
example .co.uk isn't ok, whereas co.com isn't. If firefox was working
from a different list then this might happen (particuarly if this is
in development with fake local domains)

Fred
Ram (Guest)
on 2009-04-11 16:37
(Received via mailing list)
Bang on! :) Its working in production. Not working in dev. I can live
with that :). (i hope...)

Thanks again Fred!

On Apr 11, 5:23 pm, Frederick C. <removed_email_address@domain.invalid>
Andrew T. (Guest)
on 2009-04-11 16:40
(Received via mailing list)
To get sub-domains working in development, I update my hosts file with
domains like x.test.com and y.test.com and test.com in my hosts file
all pointing to localhost and then do the various tests with the
cookie set on .test.com
Then you can access the sites on x.test.com:3000 etc

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

"I have never let my schooling interfere with my education" - Mark Twain
Ram (Guest)
on 2009-04-11 16:42
(Received via mailing list)
Actually, on second thought, this could be a pain. I use FF with
Firebug to debug my JS. And also once in a while, check for browser
compatibility.

You think I can access and edit this 'list' FF might be working
off? :) kinda like editing /etc/hosts?
Or could there be a development domain that FF would recognize?

Alternatively, I could still use a staging environment for doing the
Firebug testing and browser compatibility tests.

You thoughts?


On Apr 11, 5:23 pm, Frederick C. <removed_email_address@domain.invalid>
Ram (Guest)
on 2009-04-11 16:48
(Received via mailing list)
Andrew,

Awesome! That did it.
Edited /etc/hosts as you suggested,
changed Subdomain_fu's tld_size for development to 1
restart server
boom!

Great stuff! learnt a lot! thanks a lot.. both of you..
Frederick C. (Guest)
on 2009-04-11 18:52
(Received via mailing list)
On Apr 11, 1:47 pm, Ram <removed_email_address@domain.invalid> wrote:
> Andrew,
>
> Awesome! That did it.
> Edited /etc/hosts as you suggested,
> changed Subdomain_fu's tld_size for development to 1
> restart server
> boom!
>
I just about always have domains in /etc/hosts to mirror the real
ones, ie if the app was deployed at www.example.com &
orders.example.com I'd have www.example.local & orders.example.local.
I like keeping my development environment close to the production one.

Fred
Andrew T. (Guest)
on 2009-04-11 19:13
(Received via mailing list)
> I just about always have domains in /etc/hosts to mirror the real
> ones, ie if the app was deployed at www.example.com &
> orders.example.com I'd have www.example.local & orders.example.local.
> I like keeping my development environment close to the production one.
>
> Fred

Agreed, I just wish I could use *.example.local in /etc/hosts :-)

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

"I have never let my schooling interfere with my education" - Mark Twain
This topic is locked and can not be replied to.