- Using Rails 4.1.8
- People can have a custom domain to use with our app
- For some actions, we use ssl and redirect them to the domain we provide them
- If the person has a custom domain, I want as much of their time using the app to be on that domain
- I need a way to carry sessions/cookies over to another domain
- This, for example, will allow them to use ssl to sign in on our domain and I can redirect them back to their custom domain, signed in there
- Using session-injector gem
- I think more current versions of Rails have made what session-injector does restricted because of security concerns
- Use Devise's
after_sign_in_path_for
to make the custom domain the host and create an auth token that is attached as a param (quick expiration period) - Have a before filter that checks for the token param and logs in the associated user if there is one
- This logs the user in on both domains, the one we provide and their custom one
- Logging out does what you'd expect
- Logging back in redirects to our provided domain (ssl) which they are still logged into...
I'm looking for a way to get this done via a way similar to how session-injector does it. Keeping the logic at a lower level.
Im trying to do the same, but with no reliable results