Session problem with subdomains


#1

Hi, i’ve a problem with keeping the session between different
subdomains.

The subdomain itself works as expected, it’s just the session which
isn’t keep.

The url are like: http://username.users.localhost where username.users
is the subdomain, which i split and take the first part (username).

I need this to distinguish different requests (eg
username.users.localhost and name.blogs.localhost).

I’ve read that to solve this i’ve to set to share the domain in the
cookie, but i’ve tried theese and nothing worked :frowning:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] =
‘.localhost’

ActionController::Base.session_options[:session_domain] = ‘.localhost’

and even config.action_controller.session.merge({:domain =>
‘.localhost’})

i’ve tried both with ‘.localhost’, ‘localhost’, ‘.users.localhost’ and
‘users.localhost’, but nothing…

i’m running rails 2.2.2 with webrick (dev mode)… (in production i run
apache with passenger, but i haven’t tried there yet)

Any idea on how i can solve this?


#2

On 17 Mar 2009, at 10:45, Xdmx X. wrote:

ActionController::Base.session_options[:session_domain] = ‘.localhost’

and even config.action_controller.session.merge({:domain =>
‘.localhost’})

i’ve tried both with ‘.localhost’, ‘localhost’, ‘.users.localhost’ and
‘users.localhost’, but nothing…

Your web browser won’t allow you to set a top level cookie (ie one
on .localhost), to the web browser it’s as if you tried to set one
for .com

In the app i’m working on right now environment.rb has

config.action_controller.session = {
:session_domain => “chat.local”,
:session_key => ‘_hermes_session’,

}

and I share the same session across foo.chat.local, bar.chat.local

But it won’t share it with any of the other apps that I work with (eg
someotherapp.local). If you’re trying to have username.users.localhost
and name.blogs.localhost share sessions then that won’t work just like
that - the domain need to have more segments in common.

Fred


#3

Your web browser won’t allow you to set a top level cookie (ie one
on .localhost), to the web browser it’s as if you tried to set one
for .com

Hi Frederick, ok…so should it work in the production mode? where the
session_domain would be like ‘.domain.com’

In the app i’m working on right now environment.rb has

config.action_controller.session = {
:session_domain => “chat.local”,
:session_key => ‘_hermes_session’,

}

and I share the same session across foo.chat.local, bar.chat.local

But it won’t share it with any of the other apps that I work with (eg
someotherapp.local). If you’re trying to have username.users.localhost
and name.blogs.localhost share sessions then that won’t work just like
that - the domain need to have more segments in common.

i’ve just updated to rails 2.3.2 and set the session inizializer:

config.action_controller.session = {
:session_domain => “users.local”,
:session_key => ‘_app_session’,
:secret => ‘…’}

But the session isn’t shared with localhost and foo.users.localhost… so
i’ve tried to change another time the session_domain to “.users.local”,
“users.localhost”, “.users.localhost”, “.local”, “local”, “.localhost”
and “localhost”…and nothing… the session isn’t shared at all.
This is my subdomain config:

SubdomainFu.tld_sizes = { :development => 0,
:test => 2,
:production => 1 }

It’s just a single app which serve everything, not more different apps
for each subdomain. isn’t possible neither in this case to have
different subdomains (foo.users.domain.com and foo.blogs.domain.com for
the production; foo.users.localhost and foo.blogs.localhost for the
development)?


#4

On Mar 17, 10:06 pm, Xdmx X. removed_email_address@domain.invalid
wrote:

Your web browser won’t allow you to set a top level cookie (ie one
on .localhost), to the web browser it’s as if you tried to set one
for .com

Hi Frederick, ok…so should it work in the production mode? where the
session_domain would be like ‘.domain.com’

that should be ok.

config.action_controller.session = {
:session_domain => “users.local”,
:session_key => ‘_app_session’,
:secret => ‘…’}

But the session isn’t shared with localhost and foo.users.localhost… so

Those are all really differnt domains. Setting the domain to
users.local would allow sharing with anything.users.local and
users.local but nothing more. Remember to restart the app between
changes

for each subdomain. isn’t possible neither in this case to have
different subdomains (foo.users.domain.com and foo.blogs.domain.com for
the production; foo.users.localhost and foo.blogs.localhost for the
development)?

you’d need something like

if RAILS_ENV==‘production’
config.action_controller.session = {
:session_domain => “domain.com

else

end

but like I said foo.users.localhost and foo.blogs.localhost will never
be able to share cookies (and hence sessions. You need an intermediate
domain, eg foo.users.domain.localhost and foo.blogs.domain.localhost

Fred


#5

that should be ok.

ok, i’ll try directly in production mode

Those are all really differnt domains. Setting the domain to
users.local would allow sharing with anything.users.local and
users.local but nothing more. Remember to restart the app between
changes

yep, i restart it everytime

you’d need something like

if RAILS_ENV==‘production’
config.action_controller.session = {
:session_domain => “domain.com

else

end

or i could set it directly in the enviroment folder, for production.rb
and development.rb…

but like I said foo.users.localhost and foo.blogs.localhost will never
be able to share cookies (and hence sessions. You need an intermediate
domain, eg foo.users.domain.localhost and foo.blogs.domain.localhost

about the dev enviroment i don’t care too much, but the production env
in that case should works (as the intermediate domain would be the real
domain, so domain.localhost would be domain.com)

thank you