Logging in when user account captured by subdomain

Anyone:

I need advice for logging users in when the account information is in a
subdomain off the main domain where the login form resides.

I purchased a rails-based framework that by design uses subdomains for
user
accounts. So, let’s say my “main” domain where the login page is is
called
live.acme.com.

The way I managed login before was the form on the main home page just
asked
for a login or email, and when an interim action handler
(SessionsController#user_login) it found a user’s account, it redirected
to:

.live.acme.com/session/new

There a login form posting to “/session” provided the credentials inputs
to
log the user in. User supplies login and password, and the post works
great,
they get logged in and redirected to their home page.

This 2 step process has proven horribly unpopular among my users and I
have
other reasons for wanting to truncate that process and log the user in
programmatically, e.g., at account creation they want to just be logged
in,
and I want to redirect subscribers right to the billing page where they
can consummate a purchase.

The vendor has so far not responded to my plea for advice. Ripping the
subdomain logic out was briefly attempted, did not go well, it permeates
everything about how the framework operates.

My problem is that when I authenticate the user in the interim action
(the
one that ordinarily just redirects to /session/new) and attempt to take
them
to the home page as freshly logged in users, they are mysteriously no
longer
logged in, and it basically takes them to /session/new. Logging confirms
that they are logged_in? in this process, but once the redirect happens
to
the subdomain, apparently they are not. This, even if I copy the very
code
in the #create action that works fine when called from /session/new into
a
method that I call from the interim action handler
(SessionsController#user_login).

I’ve tried all kinds of different ways to simulate a post from
/session/new
to /session in that action handler but no luck. I must be missing some
piece
of information that would lead to my “Well, duh” moment but it is
eluding me
right now. Is there something in the session object I can manipulate?
It’s
using cookie storage. FYI, this is Rails 2.3.2 (yes, I know about the
security problem, will apply the patch as soon as I’m done with this
code
update).

Thanks in advance,

Bob

On 2 Mar 2011, at 18:54, Robert C. [email protected] wrote:

Anyone:

My problem is that when I authenticate the user in the interim action (the one
that ordinarily just redirects to /session/new) and attempt to take them to the
home page as freshly logged in users, they are mysteriously no longer logged in,
and it basically takes them to /session/new. Logging confirms that they are
logged_in? in this process, but once the redirect happens to the subdomain,
apparently they are not. This, even if I copy the very code in the #create action
that works fine when called from /session/new into a method that I call from the
interim action handler (SessionsController#user_login).

I’ve tried all kinds of different ways to simulate a post from /session/new to
/session in that action handler but no luck. I must be missing some piece of
information that would lead to my “Well, duh” moment but it is eluding me right
now. Is there something in the session object I can manipulate? It’s using cookie
storage. FYI, this is Rails 2.3.2 (yes, I know about the security problem, will
apply the patch as soon as I’m done with this code update).

I’d check the domain that being set on the session cookie (assuming
logged-in-ness is stored in the session. If stored in a separate cookie
then check that cookie

Fred

Actually after much banging of my head on the wall, the obvious hit me:
I
need to specify the :host on the redirect to the full domain of the user
account!

Doh!

“Well, duh!” :wink:

Thanks Frederick for your suggestion, it helped.

  • Bob

On Wed, Mar 2, 2011 at 7:14 PM, Frederick C.
<[email protected]