
Rails Sessions over servers

Question:

I'd like to have some Rails apps on different servers sharing the same session. I can do it within the same server but don't know if it is possible to share across different servers. Has anyone already done this, or does anyone know how to do it?

Thanks

Answer1:

Depending on how your app is set up, you can easily share cookies from sites in the same domain (foo.domain, bar.domain, domain) by setting your apps up to use the same secret: http://www.russellquinn.com/2008/01/30/multiple-rails-applications/

Now, if you have disparate sites, such as sdfsf.com, dsfsadfsdafdsaf.com, etc., you'll have to do a lot more tricks because the very nature of cookies restricts them to the specific domain. Essentially what you're trying to do is use cross-site scripting to, instead of hijacking your session, read it from the other ones.

In that case, with a combination of the same cookie secret, etc., and some cross-site scripting, you can manually extract the session info and re-create it on each site (or if you use ActiveRecord session {or NFS session dir}, link up with the existing one). It's not easy, but it can be done.

Or, the low-tech way (which I've done before) is to simply have the login page visit a specially crafted login page on each site that sets an app cookie on it and bounces you to the next one. It isn't pretty.

Answer2:

Use the Database Session store (https://github.com/rails/activerecord-session_store). The short of it is this:

To generate the table, at the console, run

    rake db:sessions:create

In your environment.rb, include this line

    config.action_controller.session_store = :active_record_store

Answer3:

Try using database-backed sessions.

Answer4:

In Rails 2.0 there is now a CookieStore that stores all session data in an encrypted cookie on the client's machine.

http://izumi.plan99.net/blog/index.php/2007/11/25/rails-20-cookie-session-store-and-security/
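
The shared-secret idea from Answer1 and the cookie-based store from Answer4, sketched as an added example (not code from the answers or from Rails itself): a simplified signed-cookie codec showing that any app holding the same secret accepts a session minted by another, while a different secret or an altered payload is rejected. The class name, cookie format, app names and secrets are assumptions constructed for illustration.

```ruby
require "openssl"
require "json"

# Simplified signed-cookie session codec (illustrative; not Rails's own code).
# Assumed cookie format: Base64(JSON payload) + "--" + HMAC-SHA256 hex digest.
class SignedSessionCookie
  class InvalidSignature < StandardError; end

  def initialize(secret)
    raise ArgumentError, "secret must be at least 32 bytes" if secret.bytesize < 32
    @secret = secret
  end

  # Serialize the session hash and append a MAC computed with the app secret.
  def encode(session)
    data = [JSON.generate(session)].pack("m0") # strict Base64, no newlines
    "#{data}--#{digest(data)}"
  end

  # Verify the MAC before parsing anything; raise if it does not match.
  def decode(cookie)
    data, mac = cookie.to_s.split("--", 2)
    unless data && mac && secure_compare(mac, digest(data))
      raise InvalidSignature, "cookie was not signed with this app's secret"
    end
    JSON.parse(data.unpack1("m0"))
  end

  private

  def digest(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, data)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed secrets for hypothetical apps on foo.domain and bar.domain.
SHARED_SECRET = "0123456789abcdef0123456789abcdef-constructed"
FOO_APP   = SignedSessionCookie.new(SHARED_SECRET)
BAR_APP   = SignedSessionCookie.new(SHARED_SECRET)
OTHER_APP = SignedSessionCookie.new("a-different-constructed-secret-of-32+bytes")
```

The browser only sends the cookie to both apps when its domain attribute covers both hosts, and every server holding the shared secret can mint sessions that all the other apps will trust, so the secret needs the same protection on each of them.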
