Ensure that rails sessions remain valid over subdomains and https

If you’re using Active Record Store for your sessions (keeping sessions in a database) you may ‘lose’ your sessions when jumping to a subdomain or to a https connection (in my case it was the latter).

Here’s how to make sure your sessions don’t go walk about.

Add this line to your ‘config/environments/production.rb’ file

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_domain => '.mydomain.com')

obviously replacing ‘mydomain.com’ for the domain in question.

7 Comments

  1. Posted June 6, 2007 at 8:26 am | Permalink

    You definitively save my life :D

  2. artifactory
    Posted July 5, 2007 at 2:04 pm | Permalink

    Ditto – saved me some serious time. kudos.

  3. Jason
    Posted April 7, 2008 at 7:47 am | Permalink

    Very much thank yous sire.

  4. Posted May 5, 2008 at 5:13 am | Permalink

    FOR ME (rails 2.0.2) THIS DID NOT WORK !!!!

    instead of it works following line:

    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = ‘.mydomain.com’

  5. Posted May 5, 2008 at 6:21 am | Permalink

    THIS POST IS TWO YEARS OLD!!! BUT THANKS FOR THE UPDATE AND THE CAPS!!!

  6. Jeff
    Posted May 30, 2008 at 5:28 am | Permalink

    I HAVE RAILS 2.0.2

    ADDING ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = ‘.mydomain.com’
    gives me an authenticity error

    are u suure it’s right?

  7. Posted April 7, 2009 at 3:15 am | Permalink

    Still does the job in Rails 2.3.2!

    Thanks alot.

Post a Comment

Your email is never shared. Required fields are marked *

*
*

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word