I have a WordPress marketing site and a Rails web application. A user starts their session on the WP site, and then progresses to the Rails site.
I want to track conversions from the last WP step to the first Rails step, but Mixpanel doesn't seem to be recognizing that the user is the same user at that point.
How can I track a user in Mixpanel across subdomains?
Here you go with 2 solutions :
The quick solution is query parameters.
If the user is redirected to the Rails site directly from the WP blog then you can pass the user_id that you set on the WP blog to the Rails site as a query parameter (GET params for example, or headers).
Then, you'll be able to retrieve and set the same user_id in your Rails site and Mixpanel will recognize that it's the same user.
Something cleaner would be to use cookies.
If you have access to the back-end of the WP site, you can create an endpoint that returns the user cookie that the user has on your blog. Then you can call that endpoint from your Rails site.
Create a cookie with the user_id on your WP blog
Call the cookies endpoint of your WP blog from the Rails site
Use the cookie you just retrieved to set the same user_id on your Rails site.
This is a bit like Facebook does.
Related
I have a Ember 2 application (ember-cli) that uses a Rails API as the back end. For this application, I have enabled Wildcard DNS with my DNS Provider (Cloudflare). When a user signs up with my website, I want them to be able to use their subdomain to access their public home page.
For example:
A user named Steve signs up for my site located at awesome.com. So Steve browses to steve.awesome.com, which internally would translate to awesome.com/users/steve. How do I setup my Ember routes such that it can route based off of the subdomain?
I have come to a solution, but it isn't exactly what I was initially looking for. I realized there really isn't a reason why the URL has to be awesome.com/users/steve, and instead have decided that their subdomain (or custom domain) will act as their identifier. So let's say Steve browses to steve.awesome.com, I will figure out the host via window.location.hostname, and use that as a lookup key to pass to my Rails API and retrieve user data.
Not exactly the solution I originally was seeking, but it solves my issue!
Setup
I have a Rails application where users register for an account, and a subdomain is created for them. They can then proceed to the subdomain and log in with their credentials. The workflow looks something like this:
User visits base domain fills out a form that with email/username/password and subdomain fields
From the submitted info, the server creates an account in the global/public database. Server then creates a database that will be specific to that particular subdomain/account, and stores the user record in it.
User is redirected to their subdomain, and asked to log in.
(note: to implement the separate "databases", I'm using postgres schemas, but that should be irrelevant.)
The question
My question involves step 3. I would like to redirect the user to their subdomain and log them in automatically instead of asking them to log in. However, I do not want to share a single session across all of the subdomains.
I would like to somehow securely transmit auto login request.
Possible Solution
I have considered using a single-use, random token that I would store in a cookie and in the users table. After the user successfully creates an account, he would be redirected to the subdomain. At that point the token would be consumed/destroyed and the user would be automatically logged in.
I would also need to have a short window for the token to be used before expiring.
Thoughts? Thanks!
I had the same issue, the possible solution you suggest does not work because the session is not shared between subdomains.
I solved it the following way (same idea you propossed, different implementation):
Create a new model (I called it LoginKey) that contains the user_id and a random SHA1 key.
When the user is authenticated at the parent domain (for example: mydomain.com/users/sign_in), a new LoginKey is created and the user is redirected to the corresponding subdomain to an action that I called login_with_key (for example: user_subdomain.mydomain.com/users/login_with_key?key=f6bb001ca50709efb22ba9b897d928086cb5d755322a3278f69be4d4daf54bbb)
Automatically log the user in with the key provided:
key = LoginKey.find_by_login_key(params[:key])
sign_in(key.user) unless key.nil?
Destroy the key:
key.destroy
I didn't like this solution 100%, I tried out a lot of different approaches that do not require a db record to be created, but always faced security concerns, and I think this one is safe.
Referring to: Ember authentication best practices?
We have two separate apps: a Rails backend/API and a standalone Ember app. The Ember app will speak to the Rails API.
I've found ember-auth (https://github.com/heartsentwined/ember-auth), but I don't understand why I'm going to benefit from it.
Here's what I want to do :
- When logging in, Ember sends username and password to my /accounts/login endpoint.
- If correct, Rails responds with the authentication token.
- Ember will store the authentication token locally and pass it along with each subsequent requests. I do not want my tokens to expire so users can always close the browser, come back, and still be logged in.
Is there any issues with my approach? What about security?
Take a look at these two Embercasts videos:
Client-side Authentication Part 1
http://www.embercasts.com/episodes/client-side-authentication-part-1
Client-side Authentication Part 2
http://www.embercasts.com/episodes/client-side-authentication-part-2
And this blog post:
Authentication in ember.js
http://log.simplabs.com/post/53016599611/authentication-in-ember-js
I have an rails app which relies on authenticating username/password entered to an external webservice. Rails app will not have a user model. When a user enters login/password and it makes a post request to check that login/password. External application will return back a cookie or token which can be used for subsequent requests made from rails app.
There is no User model in the rails app since all the users are stored in an external application.
Is there a gem which let me strictly do session management? I'm planning on storing that token in a session.
why not just create a sessions controller that saves the token into a session? I don't see a need for a gem.
something like
sessions[:token] = token
If you are dealing with a tokens that expire like facebook you can take a look at this
http://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
hope it helps
I might look at the way Michael Hartl does user sessions in his Rails tutorial. What you want is something slightly different, but you might be able to reuse some of what he did there. http://ruby.railstutorial.org/chapters/sign-in-sign-out#sec-current_user
(It's also just a good tutorial to go through, regardless of your level of Rails experience.)
My problem is as follows:
I have a rails (3.2.8) application that uses devise for authentication. Rails is just a RESTful api and the front-end is a backbone one-page app.
I manage to register and sign-in users, but how can the front-end get that information from the back-end with AJAX ? Basically I want to be able to tell from the front end that this user is logged in and has a session, or tell that the user has not logged in.
Currently I my controllers and models are completely rails-created, I have not touched them.
Googling around produced many tutorials that use the token_authenticatable module, but they had varying implementations and did not offer a explicit solution.
A simple way to do it is let rails handle your sessions. You do this by:
rails generate session_migration
rake db:migrate
Then, store a session value in rails for example:
session[:user_id] = user.id
(where user is an object of your User class)
And then you can constantly ping your rails backend via ajax to check whether the session[:user_id] variable is not null, if it isn't null then a session exists.