Share Devise Session across Custom Domains in Rails 5 Application

I have a Rails 5 app that uses Devise for managing users and is hosted on Heroku.
My site is called www.example.com but I allow my users to set up custom domains so it could be www.andyexample.com as well.
I can successfully log in to www.example.com. However, when I log in to www.example.com and then navigate to www.andyexample.com, I'm not logged in anymore even though it's the same application.
Is there a way to keep me logged in even when I change between domains?
My understanding was that Devise uses cookies but since a cookie is stored in the browser, why does it not keep me logged in?
Not a duplicate of the suggested post since it's outdated and has 1 reply that introduces a fairly complex solution to something that should be easier to achieve.
Cheers,

Related

Two Rails app with Devise - Sync Authentication (Helpy.io)

I have a standard Rails app with Devise for authentication. I have a second app with Helpy.io installed (also Devise). I am looking for two scenarios:
Authenticated Users on the Main site can access the Help site
Sync the user databases and once you are logged into the main you are automatically logged into the Help site and can open tickets etc.
Here is what I have tried for option 1 to start:
I have set the SECRET_KEY_BASE and SESSION_STORE on both sites the same and in session_store.rb:
Rails.application.config.session_store :cookie_store, key: ENV['SESSION_STORE'], domain: 'mydomain'
On my help site I have an application controller before_action that redirects to the main site if a particular session variable is nil (this is cleared on the main site if you logout).
What Works
If I authenticate on the main site then visit the help site everything works fine. I can navigate the help site etc. and I am not logged in (which is fine for option 1 for now). My users can just browse the help site and open tickets manually. If I sign out on the main site and go to the help site my redirect kicks in and I end up back at the main app sign-in page.
What is Broken
If I navigate from the help site back to the main site I am automatically signed out. I can still access the help site. If I log back in the main site works fine again UNTIL I go back to the help site and the process starts again.
Question
Where do I start to look to find what in Devise or anywhere else (assuming it's Devise) that is getting cleared etc. to make my app think I am not authenticated anymore?
I ended up going with a static Jekyll site and this approach:
Authenticate static files with Devise?

How do I sign in/out of a Rails app's user account that uses Devise from the terminal instead of the browser?

I'm developing a Rails app that uses Devise to manage users, and I want to prevent users from signing into my app directly. (Can I just prevent it by removing all the relevant routes?)
I have removed the front-end logic, but I know that the browser is not the only way to access a website. People can also use tools like curl to access a website, so I want to know how people do that so I can better prevent it.

Keeping user authenticated when switching to HTTPS page - Devise & Heroku

I have a rails app hosted on Heroku which uses a custom domain and no SSL, but on the checkout page I want to use the Heroku URL instead which already has SSL configured.
So for example, a user is on http://www.example.com and is logged in already and then clicks the checkout link which goes to https://example.herokuapp.com/checkout.
The issue is that once the user visits the 2nd URL they get redirected as the app thinks they are no longer logged in. Is there a way to keep the user logged in when switching between these pages?
You cannot do that with the herokuapp.com subdomain.
That domain is listed by browsers in their public suffix list: https://devcenter.heroku.com/articles/cookies-and-herokuapp-com
That means you cannot use a cookie which will set *.herokuapp.com, even less *.com.
The only way you can do this is by using your custom domain, or the herokuapp.com subdomain, all the time.
If the reason you're not using SSL on your custom domain is the price, you could be interested in CloudFlare's SSL offering and proxy requests to your app through them: https://www.cloudflare.com/ssl
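
Added example (not part of the original questions or answers): a minimal Ruby model of the RFC 6265 cookie scoping rules behind both the custom-domain question at the top of the page and the herokuapp.com answer above. PUBLIC_SUFFIXES is a constructed two-entry stand-in for the real Public Suffix List, and the function names are hypothetical.

```ruby
# Constructed stand-in for the Public Suffix List (the real list is far larger).
PUBLIC_SUFFIXES = %w[com herokuapp.com].freeze

# RFC 6265 section 5.1.3: the host equals the domain or is a subdomain of it.
# The leading dot matters: "andyexample.com" must not match "example.com".
def domain_match?(host, domain)
  host == domain || host.end_with?(".#{domain}")
end

# Model how a browser stores a cookie set by origin_host.
# Returns nil when the cookie is rejected, otherwise its scope.
def store_cookie(origin_host, domain_attr = nil)
  origin = origin_host.downcase
  # No Domain attribute: host-only cookie, returned to that exact host only.
  return { domain: origin, host_only: true } if domain_attr.nil?

  domain = domain_attr.downcase.sub(/\A\./, "")
  # A Domain attribute naming a public suffix is refused, unless the
  # setting host *is* that suffix, in which case it becomes host-only.
  if PUBLIC_SUFFIXES.include?(domain)
    return origin == domain ? { domain: origin, host_only: true } : nil
  end
  # The setting host must itself fall inside the requested domain.
  return nil unless domain_match?(origin, domain)

  { domain: domain, host_only: false }
end

# Would the stored cookie be attached to a request for request_host?
def cookie_sent?(cookie, request_host)
  return false if cookie.nil?
  host = request_host.downcase
  cookie[:host_only] ? host == cookie[:domain] : domain_match?(host, cookie[:domain])
end

def shared_session?(origin_host, domain_attr, request_host)
  cookie_sent?(store_cookie(origin_host, domain_attr), request_host)
end

if __FILE__ == $PROGRAM_NAME
  [
    ["www.example.com", nil, "www.andyexample.com"],
    ["www.example.com", "andyexample.com", "www.andyexample.com"],
    ["www.example.com", "example.com", "app.example.com"],
    ["example.herokuapp.com", "herokuapp.com", "other.herokuapp.com"]
  ].each { |o, d, r| puts "#{o} Domain=#{d.inspect} -> #{r}: #{shared_session?(o, d, r)}" }
end
```

Only the third case shares a session: a cookie can span subdomains of one registrable domain, but not unrelated domains and not sibling apps under a public suffix such as herokuapp.com.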

Shared authentication with devise

I have two Rails 4 sites, auth.example.com and app.example.com. Eventually there are going to be multiple app-type sites, maybe a dozen or two, but let's start with the one. Auth has devise set up so we can do basic user management (user creation and deactivation, password and SSH key management, etc.), with users logging into auth so they can do basic stuff themselves like update their address or phone number.
I want to set up app so that it uses the same authentication as auth. If a user tries to access app without being logged in, I want to redirect them to auth so they can log in, then go back to the page they were trying to access on app. Basically, I want to do devise actions on app, but with devise residing on auth. This, of course, is so that when we have multiple sites running, we can implement devise once instead of having to put it on every one of our sites individually.
I found this but it doesn't look like it's quite what I want:
http://4trabes.com/2012/10/31/remote-authentication-with-devise/
Anybody have a pointer to a resource that can walk me through how to do this?
Thanks.
What I would do is create a small API simply for user management. Then allow your other apps to make calls to that API to log a user in, create a user, etc. So keeping them on whatever site they're on, but in the background you're talking to the auth API.

Two Spree Commerce apps on localhost, interfering with each other's user authentication

I'm running two Spree Commerce 2.0.4 apps alongside each other, one on localhost:3000, the other on localhost:3001. I'm using WEBrick. The first is a default install - spree install --auto-accept. The second is a default install with just a few very basic theme modifications and database changes (it has a different admin email / password). Both are using Spree's devise authentication method (i.e., the default).
Both apps run alongside each other just fine, as long as I don't log in. If I log in on one, it works fine, until I log in on the other, when I'm auto-logged out from the first, and logged in OK on the second. So, I can only be logged in on one at a time.
Ideally, I'd like to be logged in as admin on both at the same time, without them interfering with each other.
I just started another (non-spree) Rails app on localhost:3002. It's a simple blog, using devise for auth, and its authentication system doesn't seem to be affected by the two spree apps. So, the issue seems to be specific to the spree apps.
Any ideas as to what could be the problem, or how I can run two spree apps locally without them interfering with each other's user authentication?
UPDATE: I just tried making both spree installs have an admin account with the same email / password, and logging in with that account. However, the same issue remains - logging in on one app logs me out on the other.
You can try to use two different browsers, such as Chrome for 3000 and Firefox for 3001.
