Is there a way to tell Rails to always use the full domain for the
session cookie? This is necessary if you want to allow people to be
logged in to both app1.mysite.com and app2.mysite.com with separate
sessions.

On 3/18/07, S. Robert J. [email protected] wrote:
> Is there a way to tell Rails to always use the full domain for the
> session cookie? This is necessary if you want to allow people to be
> logged in to both app1.mysite.com and app2.mysite.com with separate
> sessions.

Use the session class method in your controller to set session options:
http://api.rubyonrails.org/classes/ActionController/SessionManagement/ClassMethods.html#M000128
The options are described here:
http://api.rubyonrails.org/classes/ActionController/Base.html#M000275
So, in ApplicationController:
session :session_domain => 'mysite.com'
Note that after 1.2 the main session settings are moving to
environment.rb, with the same syntax:
config.action_controller.session = { :session_domain => 'mysite.com' }
jeremy

On 3/18/07, S. Robert J. [email protected] wrote:
> Sorry for not being more clear:
> The app can be running under numerous domains, not known while I
> code. I don’t want to hard code them in - I just want to tell Rails -
> whatever the Host: header is, use that for the cookie domain.

That’s the default. Have you tried it?
jeremy
Thanks - I was getting weird behavior and thought therefore that this
was not set properly. But I traced the behavior to something else.
(Sometimes getting confirmation of where the problem is NOT helps you
think of where the problem IS…)
If you want a cookie to apply to multiple subdomains, set the cookie
domain to “.mydomain.com”. Note the initial “.”. See RFC 2109.
Note that the RFC states that the domain must have at least two dots.
So, “.localhost” will not be the same cookie for test1.localhost and
test2.localhost.
b
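
Added example, not part of the original thread and not Rails code: a simplified Ruby model of how a client scopes a session cookie, showing why leaving the domain unset keeps app1.mysite.com and app2.mysite.com sessions separate while ".mysite.com" shares them. The function names are hypothetical, and the acceptance check assumes the RFC 2109 section 4.3.2 rule (leading dot plus an embedded dot).

```ruby
# Simplified client-side cookie scoping model (constructed for illustration).

# RFC 2109 4.3.2: reject a Domain attribute that does not start with a dot
# or that contains no embedded dot (".localhost" fails, ".mysite.com" passes).
def acceptable_domain_attribute?(domain)
  domain.start_with?('.') && domain[1..-1].include?('.')
end

# Scope the client stores for a cookie set by request_host.
# Returns nil when the cookie is rejected.
def cookie_scope(request_host, domain = nil)
  host = request_host.downcase
  # No Domain attribute: the cookie is bound to the exact request host.
  return { host_only: true, domain: host } if domain.nil?

  domain = domain.downcase
  return nil unless acceptable_domain_attribute?(domain)
  return nil unless host.end_with?(domain)

  # The host must be H + Domain, where H is non-empty and has no dots.
  prefix = host[0...-domain.length]
  return nil if prefix.empty? || prefix.include?('.')

  { host_only: false, domain: domain }
end

# Would a stored cookie be sent back on a request to host?
def sent_to?(scope, host)
  host = host.downcase
  return host == scope[:domain] if scope[:host_only]

  host.end_with?(scope[:domain]) && host.length > scope[:domain].length
end

# True when a session cookie set by setting_host also reaches other_host.
def session_shared?(setting_host, other_host, domain = nil)
  scope = cookie_scope(setting_host, domain)
  !scope.nil? && sent_to?(scope, other_host)
end

if __FILE__ == $PROGRAM_NAME
  puts session_shared?('app1.mysite.com', 'app2.mysite.com')                # host-only
  puts session_shared?('app1.mysite.com', 'app2.mysite.com', '.mysite.com') # shared
  puts session_shared?('test1.localhost', 'test2.localhost', '.localhost')  # rejected
end
```

A shared ".mysite.com" session cookie means every application under that domain receives the session identifier, so separate per-host cookies are the safer default when the apps do not trust each other.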