我遇到的问题让我很难过,主要是:
由于此问题取决于我使用的内容,因此这些是主要细节:
从日志中提取行:
*** POST is done to sign in the user ***
Started POST "/users/sign_in" for <ip-1> at 2016-06-13 15:23:25 +0800
Redirected to https://app.blimp.sg/users/
Completed 302 Found in 116ms (ActiveRecord: 7.9ms)
*** Some data needs to be cached on the client-side's localStorage ***
*** So the user is redirected to "/users/after_login" on successful sign in ***
Started GET "/users/after_login?after_initialization_url=" for <ip-1> at 2016-06-13 15:23:29 +0800
Chrome 51.0.2704.84 (Windows, Windows 7)
*** The UsersController#after_login redirects to the sign in page ***
*** if the user is not logged in ***
*** !! The main issue is here, it should not redirect to the sign in page !! ***
Processing by UsersController#after_login as HTML
Redirected to http://app.blimp.sg/users/sign_in
Completed 302 Found in 46ms (ActiveRecord: 2.3ms)
*** The user lands on the sign in page again ***
Started GET "/users/sign_in" for <ip-1> at 2016-06-13 15:23:31 +0800
Processing by Users::SessionsController#new as HTML
*** The user tries to sign in again ***
Started POST "/users/sign_in" for <ip-1> at 2016-06-13 15:24:03 +0800
Redirected to https://app.blimp.sg/users/after_login?after_initialization_url=
Completed 302 Found in 143ms (ActiveRecord: 7.6ms)
*** The user is redirected to the "users/after_login" page again ***
Started GET "/users/after_login?after_initialization_url="
*** This time the action completes with a 200 OK response ***
*** Instead of the user being redirected ***
Processing by UsersController#after_login as HTML
Completed 200 OK in 602ms (Views: 543.5ms | ActiveRecord: 6.2ms)
我省略了一些行,但客户端的所有请求都记录为“Chrome 51.0.2704.84(Windows,Windows 7)”
对于UsersController#after_login操作,整个操作中只有一个重定向行,代码为:
if !app_user.is_signed_in?
redirect_to new_user_session_path
end
我试图调试的事情:
我认为它可能是登录页面的过期CSRF令牌,所以在我的Users :: SessionsController中,我添加了:
skip_before_filter:verify_authenticity_token,:only =&gt; [:创建
但这并没有解决问题。
除此之外,我已经检查了日志,但没有太多运气。 它似乎发生在不同的用户身上,但我无法重现这个问题。
感谢您提供有关可能导致此问题的任何帮助或信息,或建议如何找出问题所在。
请求的会话控制器代码:
class Users::SessionsController < Devise::SessionsController
skip_after_action :verify_authorized
skip_before_filter :verify_authenticity_token, :only => [:create]
# before_filter :configure_sign_in_params, only: [:create]
# GET /resource/sign_in
def new
response.headers.delete "X-Frame-Options"
super
end
# POST /resource/sign_in
# def create
# super
# end
# DELETE /resource/sign_out
def destroy
signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
render json: {message: "signed out"}
end
# protected
# You can put the params you want to permit in the empty array.
# def configure_sign_in_params
# devise_parameter_sanitizer.for(:sign_in) << :attribute
# end
end
我决定添加更多日志记录输出以帮助了解正在发生的事情。 在Users :: SessionsController中,添加了:
def new
response.headers.delete "X-Frame-Options"
super
logger.info "SessionsController#new:: app_user.is_signed_in?=#{app_user.is_signed_in?}"
logger.info "SessionsController#new: session['warden.user.user.key']=#{session['warden.user.user.key']}"
end
def create
super
logger.info "SessionsController#create:: app_user.is_signed_in?=#{app_user.is_signed_in?}"
logger.info "SessionsController#create: session['warden.user.user.key']=#{session['warden.user.user.key']}"
end
并在UsersController中添加:
def after_login
skip_authorization
logger.info "UsersController#after_login:: app_user.is_signed_in?=#{app_user.is_signed_in?}"
logger.info "UsersController#after_login: session['warden.user.user.key']=#{session['warden.user.user.key']}"
...
if !app_user.is_signed_in?
logger.info "Redirecting to new_user_session_path because app_user.is_signed_in?=#{app_user.is_signed_in?}"
redirect_to new_user_session_path
end
当问题发生时会发布另一个更新,我从上面的日志中获得了额外的输出。
已设法从日志中获取上述的额外输出
*** POST to sign in ***
Started POST "/users/sign_in" for <ip-1> at 2016-06-15 09:57:46 +0800
*** Sign in completes successfully ***
*** User is redirected to "users/after_login" page ***
*** session['warden.user.user.key'] has a set value ***
Processing by Users::SessionsController#create as HTML
Redirected to https://app.blimp.sg/users/after_login?after_initialization_url=
SessionsController#create:: app_user.is_signed_in?=true
SessionsController#create: session['warden.user.user.key']=[[<id-1>], "<session-key-1>"]
Completed 302 Found in 104ms (ActiveRecord: 4.1ms)
Started GET "/users/after_login?after_initialization_url=" for <ip-1> at 2016-06-15 09:57:47 +0800
*** session['warden.user.user.key'] has been lost and is now empty ***
Processing by UsersController#after_login as HTML
UsersController#after_login:: app_user.is_signed_in?=false
UsersController#after_login: session['warden.user.user.key']=
Redirecting to new_user_session_path because app_user.is_signed_in?=false
Redirected to http://app.blimp.sg/users/sign_in
Completed 302 Found in 45ms (ActiveRecord: 3.3ms)
*** Redirected to sign in page again ***
Started GET "/users/sign_in" for <ip-1> at 2016-06-15 09:57:47 +0800
Processing by Users::SessionsController#new as HTML
SessionsController#new:: app_user.is_signed_in?=false
SessionsController#new: session['warden.user.user.key']=
*** Second login attempt ***
*** session['warden.user.user.key'] is again set with the same value ***
Started POST "/users/sign_in" for <ip-1> at 2016-06-15 09:57:59 +0800
Redirected to https://app.blimp.sg/users/after_login?after_initialization_url=
SessionsController#create:: app_user.is_signed_in?=true
SessionsController#create: session['warden.user.user.key']=[[<id-1>], "<session-key-1>"]
*** This time the session['warden.user.user.key'] is not lost ***
Started GET "/users/after_login?after_initialization_url=" for <ip-1> at 2016-06-15 09:57:59 +0800
Processing by UsersController#after_login as HTML
UsersController#after_login:: app_user.is_signed_in?=true
UsersController#after_login: session['warden.user.user.key']=[[<id-1>], "<session-key-1>"]
Completed 200 OK in 335ms (Views: 311.1ms | ActiveRecord: 4.4ms)
看来会话确实是第一次成功创建,但似乎有点迷失,任何关于可能导致此问题的想法?
更多地考虑这个问题,我意识到这些用户可能会从旧的子域访问该网站,该网站有两个域:beta.domain.com和app.domain.com
很遗憾,我的服务器日志没有完整的网址,所以我暂时无法验证这一点,但我会更新网站以自动将任何用户从beta.domain.com重定向到app.domain.com并监控如果问题仍然存在。