Cannot login to a rails3/devise site when using https and Internet Explorer
182 views
Skip to first unread message
Martin Bayly
Apr 20, 2011, 1:08:23 PM4/20/11
to Devise
We recently switched our rails3 web site login over to use https.
Unfortunately, this is preventing users using Internet Explorer from
logging into our site.
The problem seems to be the issue described in this SO post:
http://stackoverflow.com/questions/2577026/cookie-not-renewing-overwriting-in-ie
I've confirmed using Fiddler that IE is indeed sending two cookies
when devise issues a redirect following a successful login. Then
rails seems to using the first non-authenticated session cookie to re-
establish the session, hence our site thinks the user is not logged
in.
Wondering if anyone has experienced this and knows a workaround. In
the SO post, the solution seemed to be to always issue cookies using
the base domain. When logging into our site with https, we use a
subdomain e.g. secure.outsite.com rather than just oursite.com.
Anyone know whether we can change something in our Rails/Devise config
to cause the session cookies to be issued with the base domain?
Logging in with https works fine in other browsers and when using http
in IE.
Thanks
Martin
Unfortunately, this is preventing users using Internet Explorer from
logging into our site.
The problem seems to be the issue described in this SO post:
http://stackoverflow.com/questions/2577026/cookie-not-renewing-overwriting-in-ie
I've confirmed using Fiddler that IE is indeed sending two cookies
when devise issues a redirect following a successful login. Then
rails seems to using the first non-authenticated session cookie to re-
establish the session, hence our site thinks the user is not logged
in.
Wondering if anyone has experienced this and knows a workaround. In
the SO post, the solution seemed to be to always issue cookies using
the base domain. When logging into our site with https, we use a
subdomain e.g. secure.outsite.com rather than just oursite.com.
Anyone know whether we can change something in our Rails/Devise config
to cause the session cookies to be issued with the base domain?
Logging in with https works fine in other browsers and when using http
in IE.
Thanks
Martin
José Valim
Apr 21, 2011, 3:25:35 AM4/21/11
to Devise
There is a configuration option called cookie_options, you can
configure this stuff there. You can pass the same options you would
pass when creating a Rails cookie.
On Apr 20, 7:08 pm, Martin Bayly <mar...@parkbayly.net> wrote:
> We recently switched our rails3 web site login over to use https.
> Unfortunately, this is preventing users using Internet Explorer from
> logging into our site.
>
> The problem seems to be the issue described in this SO post:http://stackoverflow.com/questions/2577026/cookie-not-renewing-overwr...
configure this stuff there. You can pass the same options you would
pass when creating a Rails cookie.
On Apr 20, 7:08 pm, Martin Bayly <mar...@parkbayly.net> wrote:
> We recently switched our rails3 web site login over to use https.
> Unfortunately, this is preventing users using Internet Explorer from
> logging into our site.
>
Nic Willemse
Jun 30, 2014, 1:59:50 PM6/30/14
to plataforma...@googlegroups.com
Hi Martin,
I suspect I may be having a similar problem in rails 4 - did you find a solution ?
Regards,
Nic
Reply all
Reply to author
Forward
0 new messages