I’m working on an ecommerce site (in Rails 2.3) and I added:

ActionController::Base.session_options[:secure] = true

to ~/config/environments/production.rb

Now, every time I add something to my shopping cart and navigate away I
get a new session_id (which essentially empties my shopping cart).

How can I get the continuity of my sessions back, while still having the
session_id get set over a secure connection?

I’ve attached my ~/config/environment.rb and here is my
~/config/environments/production.rb

Settings specified here will take precedence over those in

config/environment.rb

The production environment is meant for finished, “live” apps.

Code is not reloaded between requests

config.cache_classes = true

Use a different logger for distributed setups

config.logger = SyslogLogger.new

Full error reports are disabled and caching is turned on

config.action_controller.consider_all_requests_local = false
config.action_controller.perform_caching = true

Enable serving of images, stylesheets, and javascripts from an asset

server

config.action_controller.asset_host =

“http://assets.example.com”

Disable delivery errors if you bad email addresses should just be

ignored

config.action_mailer.raise_delivery_errors = false

config.action_mailer.smtp_settings = {
:address => “192.168.248.6”,
:port => 25,
:domain => “babeland.com”
}

Turn these on and comment out the above config options for development

[THIS IS AN UGLY HACK]

config.cache_classes = false

config.action_controller.perform_caching = false

config.action_view.cache_template_extensions = false

config.log_level = :debug

encypt session_id cookies

I’m only doing this in production mode because I don’t run SSL on my

dev machine.

If this were system wide, I could never set the session_id cookie with

my development machine
ActionController::Base.session_options[:secure] = true

Hi I’m having the same issue but this is causing an
InvalidAuthenticityToken exception to be thrown. Were you able to fix
this issue?
Thanks!