问题描述
我使用的是Ruby On Rails 3.0.9,一切都在开发环境中运行正常。当我切换到生产环境,或者我将其上传到我们的服务器,登录后我被带回到同一个登录页面。当我查看日志时,我可以看到以下内容: 在Thu开始POST / / users / login为127.0.0.1 10月03 16:48:13 -0300 2013
UserSessionsController处理#create as HTML
参数:{user=> {password=>[FILTERED],login ="demo_admin},utf8=>✓,authenticity_token=>+ 7AEoVXZ9XiagEymVUnOhFHnck4rgDu883E / ySMlCxQ =}
重定向到http:// localhost:3000 / admin
完成302发现在111ms
在Thu Oct 03 16:48:13 -0300 2013启动GET/ admin127.0.0.1
由管理员处理:DashboardController #index as HTML
完成401未授权在1ms
我按顺序使用authorization_rules文件管理访问权限,但是我已经在Dev env中没有问题,如前所述。
如果我在 admin /操作系统#index
操作,它不会被执行,因为它没有达到。它打破了httpserver文件(我一步一步地调试),但我不明白为什么它在Dev上工作,而不是在Prod env。
请帮助。 p>
感谢
Brian
更新
$ b $我要提到,在我的 ApplicationController
中,有一个名为 check_plan_features
的before_filter,它要求的第一件事是,除非current_user.blank? #redirects到管理员部分
。 我注意到,登录后,使用Devise, current_user
具有用户的价值,但是在重定向到管理部分之后,它返回到相同的过滤器,而这次, current_user
为null。 所以,我假设,不知何故,用户的会话在尝试访问管理部分后被销毁。但是,由于这只是在生产环境中发生,我仍然在想,可能是什么。
有这个确切的问题(使用rails 4和devise 3)。
解决方案是向 config / initializers / session_store添加域声明。 rb
这样的文件:
YourAppName :: Application.config.session_store:cookie_store,key:' _your_session',domain:{
production:'production_domain',
development:'development_domain'
} .fetch(Rails.env.to_sym,:all)
尽管重要的是,由于向应用程序添加了子域,因此最初发生了更改。
I'm using Ruby On Rails 3.0.9 and everything works fine on Development env. When I switch to Production env, or I upload it to our server, after sign in I'm taken back to the same Login page. When I check the log, I can see the following:
Started POST "/users/login" for 127.0.0.1 at Thu Oct 03 16:48:13 -0300 2013
Processing by UserSessionsController#create as HTML
Parameters: {"user"=>{"password"=>"[FILTERED]", "login"=>"demo_admin"}, "utf8"=>"✓", "authenticity_token"=>"+7AEoVXZ9XiagEymVUnOhFHnck4rgDu883E/ySMlCxQ="}
Redirected to http://localhost:3000/admin
Completed 302 Found in 111ms
Started GET "/admin" for 127.0.0.1 at Thu Oct 03 16:48:13 -0300 2013
Processing by Admin::DashboardController#index as HTML
Completed 401 Unauthorized in 1ms
I'm using authorization_rules file in order to manage access, but I've got no problem on Dev env, as I said before.
If I place a breakpoint at the admin/dashboard#index
action, it won't be executed, as it's not reached. It breaks at httpserver file (I debugged it step by step), but I cannot understand why it works on Dev and not on Prod env.
Please, help.
Thanks,Brian
UPDATE
I forgor to mention that, in my ApplicationController
, there's a before_filter called check_plan_features
and the first thing it asks is unless current_user.blank? #redirects to Admin section
.
I've noticed that after signing in, using Devise, current_user
has the user's value, but when after redirecting to the admin section, it comes back to the same filter, and this time, the current_user
is null. So, I assume that, somehow, the user's session is destroyed after trying to access Admin section. But, as this only happens on production environment, I'm still wondering what could be.
I just had this exact problem (using rails 4 and devise 3).
The solution was to add a domain declaration to the config/initializers/session_store.rb
file like this:
YourAppName::Application.config.session_store :cookie_store, key: '_your_session', domain: {
production: 'production_domain',
development: 'development_domain'
}.fetch(Rails.env.to_sym, :all)
Though it is important that this was changed initially due to adding sub-domains to the application.
这篇关于Rails - 401当我在生产中访问动作时未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!