Forum: Ruby on Rails Session problem with subdomains

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
04e1b6bf268d6110f4ca25201186f726?d=identicon&s=25 Xdmx Xdmx (xdmx)
on 2009-03-17 11:45
Hi, i've a problem with keeping the session between different
subdomains.

The subdomain itself works as expected, it's just the session which
isn't keep.

The url are like: http://username.users.localhost where username.users
is the subdomain, which i split and take the first part (username).

I need this to distinguish different requests (eg
username.users.localhost and name.blogs.localhost).

I've read that to solve this i've to set to share the domain in the
cookie, but i've tried theese and nothing worked :(

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] =
'.localhost'

ActionController::Base.session_options[:session_domain] = '.localhost'

and even config.action_controller.session.merge({:domain =>
'.localhost'})

i've tried both with '.localhost', 'localhost', '.users.localhost' and
'users.localhost', but nothing...

i'm running rails 2.2.2 with webrick (dev mode)... (in production i run
apache with passenger, but i haven't tried there yet)

Any idea on how i can solve this?
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2009-03-17 13:44
(Received via mailing list)
On 17 Mar 2009, at 10:45, Xdmx Xdmx wrote:
>
> ActionController::Base.session_options[:session_domain] = '.localhost'
>
> and even config.action_controller.session.merge({:domain =>
> '.localhost'})
>
> i've tried both with '.localhost', 'localhost', '.users.localhost' and
> 'users.localhost', but nothing...

Your web browser won't allow you to set a top level cookie (ie one
on .localhost), to the web browser it's as if you tried to set one
for .com

In the app i'm working on right now environment.rb has

config.action_controller.session = {
     :session_domain => "chat.local",
     :session_key => '_hermes_session',
...
}

and I share the same session across foo.chat.local, bar.chat.local

But it won't share it with any of the other apps that I work with (eg
someotherapp.local). If you're trying to have username.users.localhost
and name.blogs.localhost share sessions then that won't work just like
that - the domain need to have more segments in common.

Fred
04e1b6bf268d6110f4ca25201186f726?d=identicon&s=25 Xdmx Xdmx (xdmx)
on 2009-03-17 23:06
> Your web browser won't allow you to set a top level cookie (ie one
> on .localhost), to the web browser it's as if you tried to set one
> for .com

Hi Frederick, ok..so should it work in the production mode? where the
session_domain would be like '.domain.com'


> In the app i'm working on right now environment.rb has
>
> config.action_controller.session = {
>      :session_domain => "chat.local",
>      :session_key => '_hermes_session',
> ...
> }
>
> and I share the same session across foo.chat.local, bar.chat.local
>
> But it won't share it with any of the other apps that I work with (eg
> someotherapp.local). If you're trying to have username.users.localhost
> and name.blogs.localhost share sessions then that won't work just like
> that - the domain need to have more segments in common.

i've just updated to rails 2.3.2 and set the session inizializer:

config.action_controller.session = {
  :session_domain => "users.local",
  :session_key => '_app_session',
  :secret => '..............'}

But the session isn't shared with localhost and foo.users.localhost.. so
i've tried to change another time the session_domain to ".users.local",
"users.localhost", ".users.localhost", ".local", "local", ".localhost"
and "localhost"....and nothing... the session isn't shared at all.
This is my subdomain config:

SubdomainFu.tld_sizes = { :development => 0,
                          :test => 2,
                          :production => 1 }

It's just a single app which serve everything, not more different apps
for each subdomain. isn't possible neither in this case to have
different subdomains (foo.users.domain.com and foo.blogs.domain.com for
the production; foo.users.localhost and foo.blogs.localhost for the
development)?
81b61875e41eaa58887543635d556fca?d=identicon&s=25 Frederick Cheung (Guest)
on 2009-03-17 23:13
(Received via mailing list)
On Mar 17, 10:06 pm, Xdmx Xdmx <rails-mailing-l...@andreas-s.net>
wrote:
> > Your web browser won't allow you to set a top level cookie (ie one
> > on .localhost), to the web browser it's as if you tried to set one
> > for .com
>
> Hi Frederick, ok..so should it work in the production mode? where the
> session_domain would be like '.domain.com'
>
that should be ok.
>
> config.action_controller.session = {
>   :session_domain => "users.local",
>   :session_key => '_app_session',
>   :secret => '..............'}
>
> But the session isn't shared with localhost and foo.users.localhost.. so

Those are all really differnt domains. Setting the domain to
users.local would allow sharing with anything.users.local and
users.local but nothing more. Remember to restart the app between
changes

> for each subdomain. isn't possible neither in this case to have
> different subdomains (foo.users.domain.com and foo.blogs.domain.com for
> the production; foo.users.localhost and foo.blogs.localhost for the
> development)?

you'd need something like

if RAILS_ENV=='production'
config.action_controller.session = {
  :session_domain => "domain.com"
...
else

end

but like I said foo.users.localhost and foo.blogs.localhost will never
be able to share cookies (and hence sessions. You need an intermediate
domain, eg foo.users.domain.localhost and foo.blogs.domain.localhost

Fred
04e1b6bf268d6110f4ca25201186f726?d=identicon&s=25 Xdmx Xdmx (xdmx)
on 2009-03-17 23:23
> that should be ok.

ok, i'll try directly in production mode

> Those are all really differnt domains. Setting the domain to
> users.local would allow sharing with anything.users.local and
> users.local but nothing more. Remember to restart the app between
> changes

yep, i restart it everytime


> you'd need something like
>
> if RAILS_ENV=='production'
> config.action_controller.session = {
>   :session_domain => "domain.com"
> ...
> else
>
> end

or i could set it directly in the enviroment folder, for production.rb
and development.rb..

> but like I said foo.users.localhost and foo.blogs.localhost will never
> be able to share cookies (and hence sessions. You need an intermediate
> domain, eg foo.users.domain.localhost and foo.blogs.domain.localhost

about the dev enviroment i don't care too much, but the production env
in that case should works (as the intermediate domain would be the real
domain, so domain.localhost would be domain.com)

thank you
This topic is locked and can not be replied to.