I need advice for logging users in when the account information is in a subdomain off the main domain where the login form resides.
I purchased a rails-based framework that by design uses subdomains for user accounts. So, let’s say my “main” domain where the login page is is called live.acme.com.
The way I managed login before was the form on the main home page just asked for a login or email, and when an interim action handler (SessionsController#user_login) it found a user’s account, it redirected to:
There a login form posting to “/session” provided the credentials inputs to log the user in. User supplies login and password, and the post works great, they get logged in and redirected to their home page.
This 2 step process has proven horribly unpopular among my users and I have other reasons for wanting to truncate that process and log the user in programmatically, e.g., at account creation they want to just be logged in, and I want to redirect subscribers right to the billing page where they can consummate a purchase.
The vendor has so far not responded to my plea for advice. Ripping the subdomain logic out was briefly attempted, did not go well, it permeates everything about how the framework operates.
My problem is that when I authenticate the user in the interim action (the one that ordinarily just redirects to /session/new) and attempt to take them to the home page as freshly logged in users, they are mysteriously no longer logged in, and it basically takes them to /session/new. Logging confirms that they are logged_in? in this process, but once the redirect happens to the subdomain, apparently they are not. This, even if I copy the very code in the #create action that works fine when called from /session/new into a method that I call from the interim action handler (SessionsController#user_login).
I’ve tried all kinds of different ways to simulate a post from /session/new to /session in that action handler but no luck. I must be missing some piece of information that would lead to my “Well, duh” moment but it is eluding me right now. Is there something in the session object I can manipulate? It’s using cookie storage. FYI, this is Rails 2.3.2 (yes, I know about the security problem, will apply the patch as soon as I’m done with this code update).
Thanks in advance,