How do you create one session cookie for multiple subdomains

I am using the restful authentication plugin and am always prompted to
login if a different subdomain is accessed. I have found a couple rails
“solutions”, but none of them seem to work:

development.rb

  1. ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key]
    = “.localhost”
  2. ActionController::Base.session_options[:key] = “.localhost”

Does anyone have a way that works?

Thanks

On 19 Jun 2008, at 20:38, Chris O. wrote:

  1. ActionController::Base.session_options[:key] = “.localhost”

config.action_controller.session = {
:session_domain => ‘texperts.local’,

}

works for me. session_key is the name of the cookie

Fred

Frederick C. wrote:

config.action_controller.session = {
:session_domain => ‘texperts.local’,

}

After making the changes that you suggested I continually get
InvalidAuthenticityToken exceptions. When I turned of
protect_from_forgery I obviously never got the exceptions, but I was
still unable to have one session key for more than one subdomain.

This is what I now have:
config.action_controller.session = {
:session_domain => “.local”,
:session_key => ‘_app_session’,
:secret => ‘secret_key’
}

Is there anything that I am missing?

Frederick C. wrote:

You can’t set cookies for a top level domain like .local (in the same
way that you can’t set a cookie for .com) the domain you set a cookie
for must have at least two components (there are a lot of
complications etc… see The Opera Blog - News | Opera
267415 for example)

Fred

Thanks for the info Fred. Once I set up my hosts file to point
myappname.localhost to the loopback address (along with some additional
test subdomains) and made all test app requests to that url, it allowed
the cookie to be shared nicely.

Thanks again.

On 19 Jun 2008, at 21:38, Chris O. wrote:

still unable to have one session key for more than one subdomain.

This is what I now have:
config.action_controller.session = {
:session_domain => “.local”,
:session_key => ‘_app_session’,
:secret => ‘secret_key’
}

Is there anything that I am missing?

You can’t set cookies for a top level domain like .local (in the same
way that you can’t set a cookie for .com) the domain you set a cookie
for must have at least two components (there are a lot of
complications etc… see The Opera Blog - News | Opera
267415 for example)

Fred

Chris O. wrote:

Frederick C. wrote:

You can’t set cookies for a top level domain like .local (in the same
way that you can’t set a cookie for .com) the domain you set a cookie
for must have at least two components (there are a lot of
complications etc… see The Opera Blog - News | Opera
267415 for example)

In case anyone had the same issue – I was trying to get cross-subdomain
cookies, as above. I followed the instructions… set my session_domain
to “.myapp.local” to get around the issue Fred mentions, added some
aliases to /etc/hosts, cleared my cookies, tried to log in to my app.
And I was still getting InvalidAuthenticityToken errors.

Turns out all I needed to do was restart Firefox. No idea why that
worked, but the InvalidAuthenticityToken errors stopped.

ymmv of course.