Ensure that rails sessions remain valid over subdomains and https

By Alastair | October 24, 2006

If you’re using Active Record Store for your sessions (keeping sessions in a database) you may ‘lose’ your sessions when jumping to a subdomain or to a https connection (in my case it was the latter).

Here’s how to make sure your sessions don’t go walk about.

Add this line to your ‘config/environments/production.rb’ file

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_domain => '.mydomain.com')

obviously replacing ‘mydomain.com’ for the domain in question.

This entry was posted in Ruby on Rails. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

7 Comments

Sandro

Posted June 6, 2007 at 8:26 am | Permalink

You definitively save my life
artifactory

Posted July 5, 2007 at 2:04 pm | Permalink

Ditto – saved me some serious time. kudos.
Jason

Posted April 7, 2008 at 7:47 am | Permalink

Very much thank yous sire.
rndrfero

Posted May 5, 2008 at 5:13 am | Permalink

FOR ME (rails 2.0.2) THIS DID NOT WORK !!!!

instead of it works following line:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = ‘.mydomain.com’
Alastair

Posted May 5, 2008 at 6:21 am | Permalink

THIS POST IS TWO YEARS OLD!!! BUT THANKS FOR THE UPDATE AND THE CAPS!!!
Jeff

Posted May 30, 2008 at 5:28 am | Permalink

I HAVE RAILS 2.0.2

ADDING ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = ‘.mydomain.com’
gives me an authenticity error

are u suure it’s right?
NilsR

Posted April 7, 2009 at 3:15 am | Permalink

Still does the job in Rails 2.3.2!

Thanks alot.

Ensure that rails sessions remain valid over subdomains and https

7 Comments

Post a Comment

Search

Pages

Categories

Archives

Blogroll

RSS Feeds

Meta