My application has a userspace which used to be accessed by a URL like domain.com/~username, but I am in the process of converting that to using subdomains instead (username.domain.com). However, I am running into an issue that I'm hoping someone might have an idea of how to get around.

Currently, visitors to a user's site get a cookie of the form user<id>_authentication (where <id> is the user ID of the site they're visiting), which is set to have the domain www.domain.com. However, now that I'm switching to subdomains, I want to find those cookies and transfer them to a new cookie called authentication per subdomain, using the subdomain as the cookie domain. However, the Rails cookies array does not find the main domain cookies.

I know that if the old cookies were using .domain.com as the domain instead, they'd apply to the subdomain and would be present in cookies, but these cookies are already existing, and I'm trying to make the change as seamless for a user as possible -- so if they had an authentication cookie already for a site, I want them to not have to reauthenticate if at all possible.

Is there any way I can get the cookies from the main domain or does anyone have another suggestion of how I can transfer the cookies?

Update: Sorry, I didn't make it clear before, the cookie is only set if the visitor actively authenticates themselves by submitting a form on the user's site.

+1  A: 

Personally I think they should have to re-authenticate. It will only happen once, then they'll have the new ".domain.com" cookie.

But... One way to achieve this would be to check for the new cookie and when failing to find it, redirect to a new page on the main domain, providing the return URL.

In that new page, check for the old style cookie, set the new style cookie, and redirect to the original URL. If they don't have the old style cookie, redirect to the login area.

Hope this helps.

Fosco
Sorry, I think I was a bit unclear; the cookie is only set if a visitor actively authenticates themselves on the user's site (by filling out a form). A redirection is a good idea that I hadn't considered, but wouldn't that cause extra unnecessary redirects if no main domain cookie exists?
Daniel Vandersluis
Yes it would, but the old cookie is ONLY available to the MAIN domain so there would be no other way of checking. That's why I recommend not doing it at all... Let them re-authenticate.
Fosco
+1  A: 

If you change the cookie domain to be more permissive (applying to more subdomains) you have no way to read the old, more restricted cookies except from the top level domain that used to work.

You will have to read the cookie, authenticate, and then write a new more permissive cookie before the cookie can be read by the subdomain.

You can roll out your migration logic in advance of the feature and hope you get most people. The rest will have to re-authenticate manually.

Winfield
Yeah, I thought about having a way for cookies to be updated before the migration to be subdomain non-specific, but as you said, that still won't catch everyone, because it relies on users not only going to the main site, but going to every authenticated user's site before some deadline when the feature is rolled out.
Daniel Vandersluis
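
The bounce page that both answers describe (read the old cookie on www.domain.com, re-issue it with the wider domain, redirect back), as an added example that is not part of the original thread. It checks the return URL against known user subdomains so the page cannot be used as an open redirect; `SITE_OWNERS`, `LOGIN_URL` and the function names are assumptions made for the example.

```ruby
require "uri"

BASE_DOMAIN = "domain.com"                    # from the question
LOGIN_URL   = "https://www.domain.com/login"  # hypothetical login path
SITE_OWNERS = { "alice" => 42 }               # constructed username => user ID lookup

# Accept only http(s) URLs whose host is exactly <username>.domain.com for a
# known site; anything else (other hosts, schemeless URLs, userinfo) is refused.
def site_for(return_to)
  uri = URI.parse(return_to.to_s)
  return nil unless uri.is_a?(URI::HTTP) && uri.userinfo.nil? && uri.host
  label, rest = uri.host.downcase.split(".", 2)
  return nil unless rest == BASE_DOMAIN && SITE_OWNERS.key?(label)
  { url: uri.to_s, user_id: SITE_OWNERS[label] }
rescue URI::InvalidURIError
  nil
end

# Logic of the bounce page served from www.domain.com. `cookies` is the
# request's cookie hash; the result holds the redirect target and, if the old
# cookie was present, the options for the cookie to set on the response.
def bounce(cookies, return_to)
  site = site_for(return_to)
  return { location: LOGIN_URL, set_cookie: nil } if site.nil?

  name  = "user#{site[:user_id]}_authentication"  # old cookie name from the question
  value = cookies[name]
  return { location: LOGIN_URL, set_cookie: nil } if value.nil? || value.empty?

  # Re-issue the same value under .domain.com so the subdomain receives it.
  # The subdomain must still validate the value exactly as the old site did.
  { location: site[:url],
    set_cookie: { name: name, value: value, domain: ".#{BASE_DOMAIN}", httponly: true } }
end
```

A cookie set for `.domain.com` is sent to every subdomain, so each user's site receives the authentication cookies issued for the others; the subdomain can copy the value into a host-only cookie on first use and expire the wide one.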