My Rails app is currently available at example.org, but I want to switch to example.com. Doing a wildcard 301 redirect in routes.rb isn't a problem, but I would like to persist the user sessions as well. Since the new domain won't have access to the cookies of the old domain, what's the best (secure and as easy as possible) way to redirect the user to the new domain and still have him/her signed in?
I've found numerous threads talking about setting up cross-domain web apps using complicated authentication token methods, but I'm looking for a one-time, one-way migration, so I'm hoping the solution will be simpler for this.
Any suggestions?
I'm using Ruby on Rails 3, OmniAuth, and using the default 'cookie_store' as my session store.
You could just do it the same way as when you might send an email link with an authentication token. Check to verify that the cookie is correct on example.org and, if it is, redirect them to:
and then check to make sure the token matches the one you have in the DB when they arrive. If the token does match, create the session cookie for the example.com domain and then change the token in the database.
This will successfully transfer from one domain to another while providing persistent login on the new domain (via cookie) and shutting the door behind them by changing the authentication token in the DB.
EDIT
To answer your question below, I don't think you need middleware or anything fancy. You could do a simple before filter in the application controller of example.org, something like:
That will redirect the user either way, and append the token to the query if the user is signed in on the .org site.
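The token handoff described in the answer above, sketched in plain Ruby as an added example (not code from the answer or from Rails or OmniAuth). The in-memory USERS table, the uid and token parameter names, the 60-second lifetime and storing only a SHA-256 digest of the token are assumptions made for this sketch.

```ruby
require "securerandom"
require "digest/sha2"
require "uri"

# Constructed in-memory stand-in for the users table both domains read.
USERS = { 42 => { token_digest: nil, token_expires_at: nil } }
TOKEN_TTL = 60 # seconds (assumed value; keep the window short)

# Compare two equal-length hex digests without an early exit.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# example.org side: call only after the old-domain session cookie verified.
def handoff_url(user_id, path, now: Time.now)
  token = SecureRandom.urlsafe_base64(32)
  user = USERS.fetch(user_id)
  user[:token_digest] = Digest::SHA256.hexdigest(token) # raw token never stored
  user[:token_expires_at] = now + TOKEN_TTL
  "https://example.com#{path}?#{URI.encode_www_form(uid: user_id, token: token)}"
end

# example.com side: returns the user id to place in the new session, or nil.
def redeem(url, now: Time.now)
  params = URI.decode_www_form(URI(url).query.to_s).to_h
  user = USERS[params["uid"].to_i]
  return nil unless user && user[:token_digest] && params["token"]
  return nil if now > user[:token_expires_at]
  given = Digest::SHA256.hexdigest(params["token"])
  return nil unless secure_compare(given, user[:token_digest])
  user[:token_digest] = nil # change the token: the link is single use
  user[:token_expires_at] = nil
  params["uid"].to_i
end
```

Because the token travels in the query string, it will appear in access logs and browser history on both domains, which is why this sketch expires it quickly and invalidates it on first use.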