I have to run rails on a shared host for a client via cPanel.
The application is running on a subdomain and non standard port.
I am using Authlogic, so on the first visit it detects I am not logged in and I get a page with:
You are being redirected.
Clicking on that I get the login form, which then takes me to the target page, with the same redirect message. So the model detects the login, but no cookie or session is ever created.
I have tried the following with no success:
config.action_controller.session = {:domain => '.bbbb.com'}
I've also tried using an active record session with same result.
Please help :)
Thanks
Are you using, or have you looked at SubDomainFu?
http://github.com/mbleigh/subdomain-fu
Related
Wondering if someone can help me understand this peculiar behaviour I am seeing with the AWS ALB redirects.
We have a web application running on EC2 instance which shows three different types of login pages when the correct context path is used like below which works fine:
https:///ucmdb-browser (redirects to the default application login page)
https:///console (redirects to the administration login)
https:///status (redirects to the applicaiton status page)
and
https://<internal-ec2-fqdn/ (Page not found)
So all working as expected.
This Web application is now fronted with AWS ALB so it can be accessed from outside world.
where if someone types:
https://<externalalb-fqdn/ (should redirect to /ucmdb-browser and show the login page)
https://<externalalb-fqdn/ucmdb-browser (should redirect to /ucmdb-browser and show the login page)
https://<externalalb-fqdn/status (should redirect to /status page)
https://<externalalb-fqdn/console (should redirect to admin login page)
https://<externalalb-fqdn/ (should redirect to custom 404 error)
To do this, my settings in AWS listener looks like below:
enter image description here
Now the issue is, whenever I type, any of the URLs, it is being forwarded to 404 page only and unless I change the last default action rule to the actual UCMDB target group.
But that defeats the purpose because one could type any context path whatsoever and it still transfer the request to the application server.
Not sure what wrong I am doing but I have tried all the various combinations I can think of.
Any help is appreciated.
I got my web platform built on ruby on rails at https://example.com
My landing and about pages are hosted in a Wordpress in other host at https://examplecms.com.
What i would like to achieve is to make users to visit https://example.com get masked https://examplecms.com except when they are logged in as my platform's dashboard is routed in the root path /.
What i am trying to avoid is the user to see in the URL https://examplecms.com.
I've tried so far a couple of tricks:
In my home/index action controller i've redirected to https://examplecms.com if the user is not signed in. But this fails as it still shows the CMS url in the user's browser.
Using an Iframe in the render of the home/index view pointing to the CMS site. It works because it stills present my site URL correctly but this seems kind of fishy also deep linking and navigating does not seem to work correctly.
I have been thinking into doing at proxy server level, using .htaccess or even using DNS strategies but i can't come up for a solution to these strategies to detect when the user is signed in or not?
Any ideas?
Thanks
Update:
Stack:
Ubuntu
Ruby on Rails
Nginx + passenger
Amazon Ec2 + Cloudflare DNS
You can use http://nginx.org/r/proxy_pass to silently redirect the user to a different page, without changing the URL that's shown to the user within the Location field of the browser.
To check whether the user is logged in, you can install an error handler via http://nginx.org/r/error_page to redirect the user only if your normal page returns an error (e.g., if the normal proxy_pass results in a 403 Forbidden response, then redirect the user's request to the alternative proxy_pass upstream as per the error handler).
What you're looking for is route scopes. I'm using Devise for authentication, which provides helpers for doing what you want, but I have no doubt you can adjust for your needs. When a user hits any page on the site, they are automatically redirected to the login. If they are logged in, they are redirected to the homepage/URL they typed in.
authenticated :user do
root to: 'titles#index'
end
devise_scope :user do
root to: 'devise/sessions#new'
end
Create a subdomain
For your WordPress hosted web content, you could create a very simple subdomain on your hosting provider like so
blog.example.com that is alias to examplecms.com
Use Device Gem for Authentication
You can use the device gem to authenticate the user and route the user to the subdomain. When the user hits the /root_path.
I am stuck at one point. We have to implement a feature which will redirect to login page with a message saying "Your session is expired, please login again!".
For this, I planned to redirect to a URL but redirection is not working! Following is the situation in my environment.
Grails Server:
http://SERVER_ONE/MyApp
Widgets (UI) Server:
http://SERVER_TWO/widgets/myWidget (different from grails server)
Login page:
http://SERVER_TWO/widgets/login
Config.groovy file already contains grails.serverURL = "http://SERVER_TWO/widgets/"
When I access the URL directly from grails server, e.g.
http://SERVER_ONE/MyApp
with invalid session, redirection works fine.
But redirection doesn't work when accessed from Widget page which is running on different server.
Redirect code is as following
redirect(uri: "http://SERVER_TWO/widgets/login?sessionExpired=true")
It would be great help to me, kindly respond, as I am relatively new to Grails development.
Do you have your sessions distributed across the servers? By default sessions are not cross-server.
Let's say I have an application that's going to be accessed from completely different domains that all point at the same server*:
example.com, example.net, foobar.com, ...
I have a Devise based authentication system that's worked fine before. However, the goal is now to add HTTPS to the sign in system. The problem is, as it turns out, there is no way to host more than one HTTPS website on the same IP address**. To resolve this problem, I set up the login pages to always POST to https://secure.example.com. As far as I can tell, this is working fine. Devise seems to have no qualm with it. However, the tricky part is that the user now needs to be redirected to foobar.com, which also needs to understand that the user is logged in. I pass the site to return to in a hidden parameter in the login form, and the redirection works fine. I still have no way to inform foobar.com that the user is now logged in.
I've managed to set it up so that, upon being returned to foobar.com, it copies the user's session cookie for secure.example.com into a new cookie for foobar.com. This part is working fine. However, in the Rails console, the web requests for secure.example.com and foobar.com - with the same cookie sent for each - produce two completely different sessions and therefore, it's no wonder Devise acts like the user was never logged in to foobar.com
Does anyone know why this wouldn't work - why two identical web requests (only the domain of the request URI was different - I tried it in Firebug, too) would produce two completely different sessions in a Rails 3 app with different, yet consistent, session ids? More to the point, does anyone know how to MAKE this work?
* assume, for the purposes of this exercise, that this is unavoidable and the sites cannot be hosted all under different subdomains, and that the number of domains required is too great to get a separate IP address for each.
** unless they're subdomains and you have an *.example.com cert, but that's beside the point.
If you're already using Devise, I suggest you try using token authenticatable. You can generate a token for the user in question, redirect them with the token to sign in, and then quickly expire the token after they have signed in.
You could also try rolling your own OAuth provider with doorkeeper.
Context: A rails app with authlogic for sigup and login
Setup info: Rails 2.3.2
A controller called posts with an action 'show'.
Upon login, I display the posts/index page.
and when the user clicks on an item, item's details get displayed. Fairly standard stuff.
All of this works fine and dandy both in Development and Production (Apache with Passenger 2.2.5 on ubuntu and mysql) EXCEPT for the following problem in one case:
Problem:
ONLY on Firefox/Safari/Chrome (IE7 is Ok) and ONLY in PRODUCTION,
When the user logs in for the very FIRST time in a new session
(open new browser,type in url), the index page is displayed fine
and when an item is clicked, the user gets mysteriously LOGGED OUT
(current_user returns null).
When you login again, everything is BACK to normal - you can logout and login any number of times and no problem - UNTIL you close the browser and start again.
Any other action besides 'show' has the current_user preserved and works fine.
QUESTION:
How is the user session getting lost on a call like this
posts/id only once - the first time ?
The show action doesn't do anything special.
I have used both ActiveRecord Store and Cookies for Session Management with same behavior.
Anybody got any clues, greatly appreciated!
This might be happening because the user is getting redirected from:
http://yoursite.com to http://www.yoursite.com
Here's a blog that mentions this problem:
http://garrickvanburen.com/archive/rails-cookie-settings-for-cross-subdomain-sessions
To paraphrase the blog:
The fix is to set:
config.action_controller.session[:domain] = '.YOURDOMAIN.COM'
inside of environment.rb (Make sure to prefix it with the .). That will make cookies work for both www.yourdomain.com and yourdomain.com (as well as any other subdomains).
This technique is also discussed here:
Losing session in rails 2.3.2 app using subdomain