Changing URL from domain.com to subdomain.domain.com on login


#1

Hi all,

Ive got a login form for users with the fields subdomain, username and
password. This is at the URL http://domain.com.

When the user submits the form and login is successful, i need the URL
to change to http://subdomain.domain.com/whatever.
How can I do this?

My try was

if no_subdomain?
redirect_to “http://#{params[:subdomain]}.domain.com/whatever”
else
redirect_to whatever_path
end

But I think the session data is lost when you redirect like above. So
it takes me back to the login form.
Any ideas?


#2

On Apr 10, 11:26 am, Ram removed_email_address@domain.invalid wrote:

Hi all,

Ive got a login form for users with the fields subdomain, username and
password. This is at the URLhttp://domain.com.

When the user submits the form and login is successful, i need the URL
to change tohttp://subdomain.domain.com/whatever.
How can I do this?

You need to set your session cookie to apply to the whole domain (so
that when it is set from the page at domain.com it is also sent when
the browser requests subdomain.domain.com. It’s one of the session
options you can set in environment.rb

Fred


#3

that when it is set from the page at domain.com it is also sent when

redirect_to whatever_path

end

But I think the session data is lost when you redirect like above. So
it takes me back to the login form.
Any ideas?

Set the following in your config/environments/production.rb file:
ActionController::Base.session_options[:session_domain] = ‘domain.com
This will store the session cookie on domain.com which will then also
be readable on subdomain.domain.com

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

“I have never let my schooling interfere with my education” - Mark Twain


#4

On Apr 11, 11:43 am, Ram removed_email_address@domain.invalid wrote:

Im using Rails 2.1.0 so I understand the option is still
session_options[:session_domain] for me (as opposed to session_options
[:domain] for 2.2.0+)

By the way, ive tried setting ActionController::Base.session_options
[:session_domain] to both ‘domain.com’ and ‘.domain.com’ but both give
me the problems.

Any idea what might be wrong?

Have you checked that the cookie is getting stored with the
appropriate domain (and that you don’t have excess session cookies
left hanging around from your experimentations) ?

Fred


#5

Hi Fred, Andrew,

Thanks a lot! I did some searching on this. Mainly because it still
isnt working for me.

It still leads me back to the login page after failing the
before_filter :login_required callback on dashboard_controller.

Im using Rails 2.1.0 so I understand the option is still
session_options[:session_domain] for me (as opposed to session_options
[:domain] for 2.2.0+)

By the way, ive tried setting ActionController::Base.session_options
[:session_domain] to both ‘domain.com’ and ‘.domain.com’ but both give
me the problems.

Any idea what might be wrong?

On Apr 11, 8:37 am, Andrew T. removed_email_address@domain.invalid


#6

I guessed I should be checking that but I really couldnt figure out
HOW to check them!
I use restful_authentication so where in the flow should i be raising
an exception and what should i be throwing up to debug?
Im actually pretty sure there’re excess cookies hanging around.
Because when I go to domain.com/login, it takes me right in and gives
me a routing error cos of the subdomain absence. when i type in the
url domain.com/logout, it goes to the login page, fails
in :not_logged_in_required and takes me into the app again and throws
the same routing error. So there is definitely a session hanging
around. How do i clean that up?

On Apr 11, 3:49 pm, Frederick C. removed_email_address@domain.invalid


#7

On Apr 11, 12:01 pm, Ram removed_email_address@domain.invalid wrote:

I guessed I should be checking that but I really couldnt figure out
HOW to check them!

Wasn’t thinking of anything more sophisticated than checking in your
browser’s preferences.

Fred


#8

On Apr 11, 12:25 pm, Ram removed_email_address@domain.invalid wrote:

:smiley: <duh…>

ok i cleared the relevant cookies in Safari and its working now.

But Firefox is throwing me the InvalidAuthenticityToken error when i
try to login. any idea why?

maybe it also had duff cookies? authenticity tokens are based on the
session, so if the session is messed up, so would they.

Fred


#9

:slight_smile: I checked that the first time, of course. I know I came off a lil
dim last time but come on :smiley:

I dumped all the cookies and authentication data and all other private
data twice and restarted FF and checked again to make sure nothings
hanging around and then cleared it again and I tried logging in :).
IAT error. Any other possible causes?

I’ll start googling. Thanks for your help Fred. really appreciate it.

On Apr 11, 4:31 pm, Frederick C. removed_email_address@domain.invalid


#10

:smiley: <duh…>

ok i cleared the relevant cookies in Safari and its working now.

But Firefox is throwing me the InvalidAuthenticityToken error when i
try to login. any idea why?

On Apr 11, 4:09 pm, Frederick C. removed_email_address@domain.invalid


#11

On Apr 11, 12:40 pm, Ram removed_email_address@domain.invalid wrote:

:slight_smile: I checked that the first time, of course. I know I came off a lil
dim last time but come on :smiley:

I dumped all the cookies and authentication data and all other private
data twice and restarted FF and checked again to make sure nothings
hanging around and then cleared it again and I tried logging in :).
IAT error. Any other possible causes?

The actual domains used might be relevant - browsers won’t let you set
the cookie domain to certain things, for example .domain.com is fine,
but .com isn’t. The number of components you need does vary, for
example .co.uk isn’t ok, whereas co.com isn’t. If firefox was working
from a different list then this might happen (particuarly if this is
in development with fake local domains)

Fred


#12

Bang on! :slight_smile: Its working in production. Not working in dev. I can live
with that :). (i hope…)

Thanks again Fred!

On Apr 11, 5:23 pm, Frederick C. removed_email_address@domain.invalid


#13

To get sub-domains working in development, I update my hosts file with
domains like x.test.com and y.test.com and test.com in my hosts file
all pointing to localhost and then do the various tests with the
cookie set on .test.com
Then you can access the sites on x.test.com:3000 etc

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

“I have never let my schooling interfere with my education” - Mark Twain


#14

Actually, on second thought, this could be a pain. I use FF with
Firebug to debug my JS. And also once in a while, check for browser
compatibility.

You think I can access and edit this ‘list’ FF might be working
off? :slight_smile: kinda like editing /etc/hosts?
Or could there be a development domain that FF would recognize?

Alternatively, I could still use a staging environment for doing the
Firebug testing and browser compatibility tests.

You thoughts?

On Apr 11, 5:23 pm, Frederick C. removed_email_address@domain.invalid


#15

Andrew,

Awesome! That did it.
Edited /etc/hosts as you suggested,
changed Subdomain_fu’s tld_size for development to 1
restart server
boom!

Great stuff! learnt a lot! thanks a lot… both of you…


#16

On Apr 11, 1:47 pm, Ram removed_email_address@domain.invalid wrote:

Andrew,

Awesome! That did it.
Edited /etc/hosts as you suggested,
changed Subdomain_fu’s tld_size for development to 1
restart server
boom!

I just about always have domains in /etc/hosts to mirror the real
ones, ie if the app was deployed at www.example.com &
orders.example.com I’d have www.example.local & orders.example.local.
I like keeping my development environment close to the production one.

Fred


#17

I just about always have domains in /etc/hosts to mirror the real
ones, ie if the app was deployed at www.example.com &
orders.example.com I’d have www.example.local & orders.example.local.
I like keeping my development environment close to the production one.

Fred

Agreed, I just wish I could use *.example.local in /etc/hosts :slight_smile:

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

“I have never let my schooling interfere with my education” - Mark Twain