I have two apps, one in Rails, and one in Merb. Both use cookie based
session store, and are in the same domain. I set the session key and
secret to be exactly the same in both apps, but they don’t seem to get
the session data of each other.
When I try to print the cookies in each of them, I see that in the
cookies hash the value to the session key are different, for example:
I have two apps, one in Rails, and one in Merb. Both use cookie based
session store, and are in the same domain. I set the session key and
secret to be exactly the same in both apps, but they don’t seem to get
the session data of each other.
In the same domain (ie rails.example.com & merb.example.com) or
actually using the same hostname. If the former then you need to set
the session domain to be a common suffix of the two (ie example.com)
in this example.
Although in the future they will probably be in two different sub
domains, currently I’m experimenting both under localhost, with
different ports.
And another interesting problem is that, though the two apps are not
reading each others’ session data, setting the session key and secret
to be the same affects both. For example, after logging into the Rails
app, go to the Merb one and log in, and go back to the Rails one and
it’s no logger logged in (same for the other direction). It appears to
be that both apps try to overwrite the session, but may not
necessarily be the case.
After looking at Rails and Merb’s source code, I almost sure they
store session data in the same way (but not verified with any official
source).
One important thing I might forget to mention is that the session data
in the two apps are not exactly the same. Something stores in the
session of one may not be in the session of the other. Will this cause
the failure of sharing session between the two, assuming they store
sessions in the same way?