Discussion:
domain session (cookies) shared across subdomains?
iaw4
2017-04-27 15:31:52 UTC
dear M users. I am planning to run a hypnotoad server that controls the
entire domain ( syllabus.space ). Thus, I want auth.syllabus.space and
info.syllabus.space to share the session. is this possible? advice
appreciated. regards, /iaw
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Stefan Adams
2017-04-27 16:41:06 UTC
Post by iaw4
dear M users. I am planning to run a hypnotoad server that controls the
entire domain ( syllabus.space ). Thus, I want auth.syllabus.space and
info.syllabus.space to share the session. is this possible? advice
appreciated. regards, /iaw
I believe you can just specify *.syllabus.space* for your cookie domain
<http://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain>.

See Mojolicious::Sessions->cookie_domain
<http://mojolicious.org/perldoc/Mojolicious/Sessions#cookie_domain>
iaw4
2017-04-27 16:58:02 UTC
thanks, stefan, again. would you have an example? I am using M::Lite with
Mojolyst. so,

...
app->secret( [ 'you', 'me', 'us' ] );
app->sessions->cookie_domain( getfinaltwo( $self->req->url->to_abs->host ) );
app->start();

regards,

/iaw
Stefan Adams
2017-04-27 19:53:45 UTC
Post by iaw4
app->secret( [ 'you', 'me', 'us' ] );
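app->sessions->cookie_domain( getfinaltwo( $self->req->url->to_abs->host ) );
app->start();

use Mojolicious::Lite;

get '/' => sub {
  my $c = shift;
  # Derive the cookie domain from the Host header of the current request
  $c->app->sessions->cookie_domain(getfinaltwo($c->req->url->to_abs->host));
  $c->session(a=>1)->render(text=>"\n");
};
app->start;
# Keep the last two dot-separated labels with a leading dot
# (a host with fewer than two dots is returned unchanged)
sub getfinaltwo { shift =~ s!^.*?((\.[^\.]+){2})$!$1!r }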


$ env MOJO_LOG_LEVEL=info perl /tmp/cookie get -v -H 'Host: auth.syllabus.space' /
GET / HTTP/1.1
Host: auth.syllabus.space
Accept-Encoding: gzip
User-Agent: Mojolicious (Perl)
Content-Length: 0

HTTP/1.1 200 OK
Server: Mojolicious (Perl)
Set-Cookie: mojolicious=eyJhIjoxLCJleHBpcmVzIjoxNDkzMzI2MzU2fQ----f04ee710665cef6c7380dd579a21efae3fcde802; expires=Thu, 27 Apr 2017 20:52:36 GMT; *domain=.syllabus.space*; path=/; HttpOnly
Content-Type: text/html;charset=UTF-8
Date: Thu, 27 Apr 2017 19:52:36 GMT
Content-Length: 1
ivo welch
2017-04-27 19:59:37 UTC
thanks, stefan. This will do if need be, but I was hoping there was a way
to tell the app the cookie method right from start, rather than sticking
this into each and every url.

----
Ivo Welch (***@gmail.com)
http://www.ivo-welch.info/
J. Fred Weston Distinguished Professor of Finance
Anderson School at UCLA, C524
Free Finance Textbook, http://book.ivo-welch.info/
Exec Editor, Critical Finance Review,
http://www.critical-finance-review.org/
Editor and Publisher, FAMe, http://www.fame-jagazine.com/
Stefan Adams
2017-04-27 20:03:19 UTC
Post by ivo welch
thanks, stefan. This will do if need be, but I was hoping there was a way
to tell the app the cookie method right from start, rather than sticking
this into each and every url.
I imagine you could leverage a hook
<http://mojolicious.org/perldoc/Mojolicious#HOOKS>, like after_dispatch
<http://mojolicious.org/perldoc/Mojolicious#after_dispatch>:

use Mojolicious::Lite;

# Set the cookie domain from the request host for every request
hook after_dispatch => sub {
  my $c = shift;
  $c->app->sessions->cookie_domain(getfinaltwo($c->req->url->to_abs->host));
};
get '/1' => sub {
  my $c = shift;
  $c->session(a=>1)->render(text=>"\n");
};
get '/2' => sub {
  my $c = shift;
  $c->session(b=>2)->render(text=>"\n");
};
app->start;
# Keep the last two dot-separated labels with a leading dot
sub getfinaltwo { shift =~ s!^.*?((\.[^\.]+){2})$!$1!r }
iaw4
2017-04-27 21:10:35 UTC
thanks, stefan. this is what I will do, but let me see if I can ping the
wizard to see if this can be set globally, so that one does not have to
hook this. this would seem like a good candidate for a global init
setting, just like secret setting.
Stefan Adams
2017-04-27 21:13:02 UTC
Post by iaw4
if this can be set globally
It can (app->sessions->cookie_domain('.syllabus.space');), but I don't
believe that you will be able to specify a request-specific cookie domain
without a hook. AFAIK
iaw4
2017-04-27 23:21:36 UTC
hi stefan---thanks for the help. it works without the hook, BUT there is a
bug of some sort. I am not clear where.

firefox and safari cannot handle http://subdomain.localhost:3000/ ; only
chrome can. this somewhat limits the testing to this one browser.

run the following code in a chrome browser. there are essentially three
modes now:

1. comment out the "$cookiedomain="localhost"" line, and run on localhost.
cookies cannot cross subdomain, but they work within subdomains. this is
M's normal behavior.

2. leave as is and run on localhost. chrome is now no longer able to
change the cookie. it can still read the old cookie (set with 1).

3. comment out the "$cookiedomain="localhost" line, replace with the
subsequent line (syllabus.space or whatever other domain you may have lying
around), and run the code on this server domain. everything works
perfectly now. the session can cross subdomains.

I don't know whether this is an M bug or a chrome-localhost bug. this
makes testing more difficult. the code can now run only in final
production mode on the specific server, or I "hand-hook" it.

#!/usr/bin/env perl
use Mojolicious::Lite;

my $cookiedomain;

$cookiedomain= "localhost"; ## comment out to leave cookiedomain undef; then it works for each subdomain, but cookies cannot cross
## $cookiedomain= "syllabus.space"; ## this works just fine when on ; cookies can cross

get '/' => sub {
  my $c= shift;
  ## not needed: ($cookiedomain) and $c->app->sessions->cookie_domain($cookiedomain);
  my $fulldomain= $c->req->url->to_abs->host;
  ($fulldomain =~ /$cookiedomain/) or die "please update the cookie domain to $fulldomain";

  my $incookie= $c->session->{nicecookie} || "NO INCOOKIE DEFINED";
  $c->session->{nicecookie}= time()." at ".$fulldomain;
  my $outcookie= $c->session->{nicecookie};

  my $bigdomain= $cookiedomain || "localhost";
  my $texts= qq(
<h1> cookie tester </h1>
<p>our incookie was '$incookie'</p>
<p>our outcookie is '$outcookie'</p>
<hr />
<p>you are currently in domain '$fulldomain' ($bigdomain)</p>
<hr />
<p>main domain <a href='http://$bigdomain:3000/'>go to /</a></p>
<p>subdomain <a href='http://s1.$bigdomain:3000/'>go to /s1</a></p>
<p>subdomain <a href='http://s2.$bigdomain:3000/'>go to /s2</a></p>
<hr />
<p>the cookiedomain is $cookiedomain.</p>
);

  $c->render(text => $texts);
};

($cookiedomain) and app->sessions->cookie_domain($cookiedomain);
app->start;


/iaw
Stefan Adams
2017-04-28 03:36:59 UTC
Post by iaw4
I don't know whether this is an M bug or a chrome-localhost bug. this
makes testing more difficult. the code can now run only in final
production mode on the specific server, or I "hand-hook" it.
Again, there are no bugs with Mojolicious, not at this level. ;)

Try setting $cookiedomain = "www.localhost" and then try your test again
browsing to http://www.localhost. According to the Netscape cookie spec
<https://curl.haxx.se/rfc/cookie_spec.html>, "Only hosts within the
specified domain can set a cookie for a domain *and domains must have at
least two (2) or three (3) periods in them*"
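
Added example, not part of the thread and not code from any poster: one way to set the cookie domain once at startup and keep local testing working, with the client-supplied Host header checked against a fixed list instead of being parsed to derive the domain. COOKIE_DOMAIN and SESSION_SECRET are hypothetical environment variable names, and the host list and the HTTPS-in-production setting are assumptions.

```perl
#!/usr/bin/env perl
use Mojolicious::Lite;

# Assumption: COOKIE_DOMAIN (hypothetical name) is "syllabus.space" in
# production and unset for local testing.
my $cookie_domain = $ENV{COOKIE_DOMAIN};

# Hosts this app agrees to serve (assumed list). The Host header comes from
# the client, so it is matched against this list and never used to compute
# the cookie domain.
my %allowed_host = map { $_ => 1 }
  $cookie_domain
  ? ($cookie_domain, "auth.$cookie_domain", "info.$cookie_domain")
  : ('localhost', '127.0.0.1');

# Signing secret from the environment (hypothetical variable name)
app->secrets([$ENV{SESSION_SECRET} // die "SESSION_SECRET is not set\n"]);

# Set once at startup. Left undefined, the session cookie has no Domain
# attribute and the browser returns it only to the exact host that set it,
# which is the behaviour wanted on localhost.
if ($cookie_domain) {
  app->sessions->cookie_domain(".$cookie_domain");
  app->sessions->secure(1);    # assumes production is served over HTTPS
}

# Reject unknown hosts before any route runs, so no session is created
hook before_dispatch => sub {
  my $c    = shift;
  my $host = lc($c->req->url->to_abs->host // '');
  return if $allowed_host{$host};
  $c->render(text => "unknown host\n", status => 400);
};

get '/' => sub {
  my $c    = shift;
  my $seen = $c->session->{seen} // 'never';
  $c->session(seen => time() . ' at ' . $c->req->url->to_abs->host);
  $c->render(text => "previous visit: $seen\n");
};

app->start;
```

A cookie scoped to .syllabus.space is sent to every host under that domain, not only auth and info, so each subdomain that can receive it has to be trusted with the session.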