Accessing Rails cookies by domain - ruby-on-rails

I have a situation in which two cookies have the same name but slightly different domains (cookie1 has the domain example.com whereas cookie2 has sub-domain inclusive .example.com).
cookies[ :cookie_name ] = { :value => "test_value_cookie_1", :domain => "example.com" }
cookies[ :cookie_name ] = { :value => "test_value_cookie_2", :domain => ".example.com" }
I want to detect when both cookies exist, but unfortunately I can't out figure how to access a cookie by it's own domain. I can say
if cookies[ :cookie_name ].blank?
but how do I say
if cookies[ :cookie_name, :domain => ".example.com" ].blank?
or
if cookies[ :cookie_name ].domain[ ".example.com" ].blank?
I'm using "actionpack-2.3.11/lib/action_controller/cookies". I don't understand why you can set information like the domain, but not access it.

Apparently what I wanted to do was impossible. The HTTP spec only allows cookies to be accessed by name even though they can be set by domain:
When requesting a URL from an HTTP server, the browser will match the
URL against all cookies and if any of them match, a line containing
the name/value pairs of all matching cookies will be included in the
HTTP request. Here is the format of that line: Cookie:
NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
http://curl.haxx.se/rfc/cookie_spec.html

Related

Unable to create cookie if it has a domain

My controller has the following code
cookies[:book] = { :value => "Kids Puzzles", :expires => 2.years.from_now, :domain => "foo.com" }
Unable to create cookie if it has a domain which is different than the server in which the application is running. How should I create/delete a cookie in such cases.
You can't do that.
You can set a cookie for example.com within an app running at app.example.com but not for foo.com.

Rails: how can I share permanent cookies across multiple subdomains?

My app's register and login processes take place on a secure subdomain. For this reason, I have modified config/initializers/session_store.rb to look like
if Rails.env.production?
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session', :domain => '.app_name.com'
else
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session'
end
so that the session can be shared across sub domains.
How can I share permanent cookies accross subdomains so that when I set a permanent cookie
on one subdomain via cookies.permanent[:some_key] = 'some value', I can access that cookie on another subdomain via cookies[:some_key]?
You need to specify the domain using a more verbose cookie setting method:
cookies[:some_cookie] = {
:value => "whatever",
:domain => ".app_name.com",
:expires => 1.year.from_now.utc
}
I haven't found a configuration setting to do this globally yet.

Subdomain cookie sharing in Rails 3 is not working (on Heroku)?

I'm trying to have cookies on my site dapshare.com work for both the root address and the 'www' subdomain.
A lot of other stackoverflow answers (and the great Railscasts vid on this topic) have suggested adding this line to session_store.rb:
Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => :all
This doesn't seem to make a difference: if I log in at dapshare.com, I still am not logged in at www.dapshare.com.
Am I doing something wrong here? I am using the following code to store information in the cookie:
cookies.permanent.signed[:thing_to_store] = store_information
Thanks for any help!
Short answer: using the 'cookies[:new_cookie] =' does not seem to grab the domain from the session_store config settings.
I added the :domain to the new cookie and it now works:
cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => ".dapshare.com"}
For anyone else reading, you also need to specify the domain when deleting the cookie
cookies.delete :new_cookie, :domain => ".dapshare.com"
(Thanks for your help with diagnosis Andrew Marshall.)
You can actually just specify your cookies using domain => :all instead of domain => '.dapshare.com' in Rails 3.1 +:
cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => :all}
This more flexible than outright specifying a string domain. Now your application won't break on a different production domain.
I encountered this issue, when passing :all doesn't seems to work properly. If you want to use only for subdomains try the following:
Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => '.dapshare.com'

Rails 3: Can't seem to write cookies for top level domain :(

I setup the cookie store to domain => :all, like I could find in documentation and it seems to work, because devise's authentication works across the multiple domain.
MyApp::Application.config.session_store :cookie_store, :key => '_MyApp.com_session', :domain => :all
However when I am trying myself to write to a cookie, it always write down the sub domain... I don't get it:
I write the cookie in the simplest manner possible:
cookies.permanent[:remember_locale] = locale
But no matter what it won't set it for the top level domain whereas the one dropped by devise seems to manage it without a problem :(
Alex
ps: I am using rails 3.0.3
The configuration for the session_store only applies to the session cookie. When setting a separate cookie you have to specify the domain for that cookie as well.
cookies.permanent[:remember_locale] = { :value => locale, :domain => :all }
Note (pulled from rails source):
# Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
#
# cookies[:key] = {
# :value => 'a yummy cookie',
# :expires => 1.year.from_now,
# :domain => 'domain.com'
# }
#
# cookies.delete(:key, :domain => 'domain.com')

Rails: generate a full URL in an ActionMailer view

I'm using ActionMailer to send a sign up confirmation email. The email needs to contain a link back to the site to verify the user, but I can't persuade Rails to generate a full URL (including the domain etc).
I'm using:
<%= url_for :controller => 'login', :action => 'verify', :guid => #user.new_user.guid, :only_path => false, :host => 'http://plantality.com' %>
in my view
Part b:
In development mode Rails gripes if I don't specify the host explicilty in the link above. But I don't want to do this in production. Any solutions?
To solve the problem to pass a host for generating URLs in ActionMailer, check out this plugin and the reason why I wrote it.
To solve the first issue, use named routes when applicable. Instead of
<%= url_for :controller => 'login', :action => 'verify', :guid => #user.new_user.guid, :only_path => false, :host => 'http://plantality.com' %>
assuming the route is called login, use
<%= login_url(:guid => #user.new_user.guid) %>
Note, I'm using login_url, not login_path.
I'm not sure if it is what you want but in config/environments/development.rb you can specify default options for mailer urls
config.action_mailer.default_url_options = {
:host => "your.host.org",
:port => 3000
}
you can do the same in config/environments/production.rb
I don't know why the previous solutions seem so complicated, but since I'm here why not give my 2 cents...
Go to /config/environments and add:
config.absolute_site_url = 'your site url'
for the respective environment (ie. in development.rb, test.rb, or production.rb). Restart web server.
This allows you to call Rails.application.config.absolute_site_url to get the desired URL. No need for plugins or weird cheat, just store the site url as an application wide variable.
I think its not 100% correct way but this can also be a solution :
See the Using asset hosts section in the documentation. You need to specify an asset_host. You can also construct it dynamically from the request chaining "#{request.protocol}#{request.host_with_port}/login/?guid=#{#user.new_user.guid}"
To generate url, try this
Rails.application.routes.url_helpers.user_url(User.first.id, host: 'yourhost.io')
this will generate url like this:
http://yourhost.io/users/1
As well you can pass some params
expires = Time.now + 2.days
params = {expires: expires}
u = User.first.id
Rails.application.routes.url_helpers.user_url(u, params, host: 'host.com')
will generate:
http://yourhost.io/users/1.expires=2018-08-12+15%253A52%253A15+%252B0300
so you can werifi in action if link is not expired

Resources