Created February 5, 2017 11:49
Header/param based sessions for iframes
//= require_self
//= require service_buttons
//= require error_reporting

$(function () {
  // Session id handed to the page by the layout (<meta name="token">). Inside an
  // iframe the session cookie is blocked, so the id travels as a query parameter
  // instead, and the server answers with the current id in an X-Cookie header.
  var token = $('meta[name=token]').attr('content');

  // Append ?X-Cookie=<id> (or &X-Cookie=<id> when a query string already exists)
  // to every AJAX request. `~indexOf(...)` is 0 (falsy) only when '?' is absent.
  AJS.$.ajaxPrefilter(function (options) {
    if (token) {
      options.url += ~options.url.indexOf('?') ? '&' : '?';
      options.url += 'X-Cookie' + '=' + encodeURIComponent(token);
    }
  });

  // Pick up a rotated id from the response. jQuery's ajaxSetup() has no
  // `ajaxComplete` option, so a handler passed there never runs; the global
  // ajaxComplete event on document is the hook that fires. Only overwrite the
  // token when the header is present: a response without it (a 304, or an
  // endpoint that never touched the session) must not drop the session.
  AJS.$(document).ajaxComplete(function (_event, xhr) {
    var fresh = xhr.getResponseHeader('X-Cookie');
    if (fresh) { token = fresh; }
  });
});
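The client half of the gist restated as plain functions so its edge cases can be exercised without jQuery. This is an added example, not code from the gist or from Atlassian's AJS; the names (SESSION_PARAM, appendSessionToken, isSameOrigin, SessionTokenTracker, installIntoJQuery) and the https://app.example origin are assumed for illustration. It goes beyond the gist's prefilter in the ways a practitioner would want: it keeps a #fragment after the query, percent-encodes the token, and attaches the token only to same-origin requests, because a jQuery prefilter runs for every $.ajax call on the page and would otherwise hand the session id to any third-party endpoint. The response hook leaves the token alone when no X-Cookie header came back, which is the silent session-loss case in an unconditional `token = xhr.getResponseHeader(...)`.

```javascript
// Added example: header/param session handoff for an iframe'd page, without jQuery.
// Assumed names; the parameter name must match the `key:` given to session_store.
const SESSION_PARAM = 'X-Cookie';

// Add the token as a query parameter. Works whether or not the URL already has a
// query string, keeps any #fragment at the end, and percent-encodes the value so
// a token containing '&' or '#' cannot break the query.
function appendSessionToken(url, token) {
  if (!token) return url;
  const hashIndex = url.indexOf('#');
  const base = hashIndex === -1 ? url : url.slice(0, hashIndex);
  const fragment = hashIndex === -1 ? '' : url.slice(hashIndex);
  const sep = base.indexOf('?') === -1 ? '?' : '&';
  return base + sep + SESSION_PARAM + '=' + encodeURIComponent(token) + fragment;
}

// A prefilter sees every $.ajax call on the page; without this check the session
// id would be sent to any third-party endpoint the page happens to call.
// Relative URLs resolve against the page origin; protocol-relative ones do not.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Holds the current token and rotates it only when the server sends a new one.
class SessionTokenTracker {
  constructor(initialToken, pageOrigin) {
    this.token = initialToken || null;
    this.pageOrigin = pageOrigin;
  }

  // URL to actually request: token appended for same-origin calls only.
  prepareUrl(url) {
    if (!this.token || !isSameOrigin(url, this.pageOrigin)) return url;
    return appendSessionToken(url, this.token);
  }

  // `headers` is a plain object of response headers (either case for the name).
  // A response without X-Cookie (304, non-session endpoint) keeps the old token.
  onResponse(headers) {
    const fresh = headers[SESSION_PARAM] || headers[SESSION_PARAM.toLowerCase()];
    if (fresh) this.token = fresh;
    return this.token;
  }
}

// Wiring for the gist's jQuery setup (AJS.$); defined here, not run in tests.
function installIntoJQuery($, tracker) {
  $.ajaxPrefilter(function (options) {
    options.url = tracker.prepareUrl(options.url);
  });
  $(document).ajaxComplete(function (_event, xhr) {
    tracker.onResponse({ [SESSION_PARAM]: xhr.getResponseHeader(SESSION_PARAM) });
  });
}

// Constructed sample: a page served from https://app.example whose layout put
// the id "abc123" in <meta name="token">.
function demo() {
  const tracker = new SessionTokenTracker('abc123', 'https://app.example');
  return {
    plain: tracker.prepareUrl('/api/items'),
    withQueryAndFragment: tracker.prepareUrl('/api/items?page=2#top'),
    thirdParty: tracker.prepareUrl('https://cdn.example/lib.js'),
    afterEmptyResponse: tracker.onResponse({}),
    afterRotation: tracker.onResponse({ 'x-cookie': 'def456' }),
    rotatedUrl: tracker.prepareUrl('/api/items'),
  };
}
```

In the page, replace the gist's two handlers with `installIntoJQuery(AJS.$, new SessionTokenTracker($('meta[name=token]').attr('content'), window.location.origin))`; everything else on the client stays the same.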

class ProtectedController < ApplicationController
  # The header/param store has already loaded the session by the time this
  # runs; only if it carries no user id do we fall back to the application's
  # other authentication path (authenticate_user_by_other_means is
  # application-specific and not part of this gist).
  before_action do |_controller|
    authenticate_user_by_other_means unless session[:user_id]
  end
end

module ApplicationHelper
  # Published in the layout as <meta name="token">. This is the session id
  # itself, so anything able to read the page's DOM (an XSS, or a same-origin
  # framing parent) can take over the session; treat the page as the secret.
  def create_session_token
    session.id
  end
end

class Session < ActiveRecord::SessionStore::Session
  # Hide expired rows from every lookup (expires_at is an extra column added
  # by migration; the gem's default table lacks it). find_by_session_id on an
  # expired id then returns nil and the store starts a fresh session. The
  # lambda is re-evaluated per query, so Time.now is current. Expired rows
  # are only hidden, not deleted; purge them separately.
  default_scope -> { where('expires_at > ? OR expires_at IS NULL', Time.now) }
end

doctype html
html
  head
    / Parts omitted for brevity
    / The session id is published here so application.js can send it back as
    / the X-Cookie query parameter when the session cookie is blocked in an iframe.
    meta name='token' content=create_session_token
    = yield :head
    = render 'analytics'
    = stylesheet_link_tag :application
    = javascript_include_tag :application
  body class=body_class
    == yield

# Be sure to restart your server when you modify this file.
Logger.silencer = false # keep the session store's SQL visible in the log
ActiveRecord::SessionStore::Session.serializer = :json
ActionDispatch::Session::ActiveRecordStore.session_class = Session

# Stock ActiveRecord store, except the session id is returned in a response
# header instead of a Set-Cookie. Rack's cookie_only: false makes the store
# also accept the id from the query string (?X-Cookie=<id>), which is how the
# client sends it back.
class HeaderSessionStore < ActionDispatch::Session::ActiveRecordStore
  private

  # Rack calls this on every request that touched the session (expire_after
  # forces it); `key` is the :key option below and cookie[:value] the id.
  def set_cookie(_request, response, cookie)
    response.headers[key] = cookie[:value]
    return if cookie[:expires].blank?
    # The row can be missing (an expired row is hidden by Session's default
    # scope), so guard the update instead of calling it on nil.
    Session.find_by_session_id(cookie[:value])&.update_attribute(:expires_at, cookie[:expires])
  end
end

# A query-string session id lands in server, proxy and browser-history logs
# and in Referer headers, and a crafted ?X-Cookie=<id> link can pre-set it,
# so call reset_session when the user authenticates.
Rails.application.config.session_store HeaderSessionStore, key: "X-Cookie", cookie_only: false, expire_after: 1.hour