Ensure that rails sessions remain valid over subdomains and https

If you’re using Active Record Store for your sessions (keeping sessions in a database) you may ‘lose’ your sessions when jumping to a subdomain or to a https connection (in my case it was the latter).

Here’s how to make sure your sessions don’t go walk about.

Add this line to your ‘config/environments/production.rb’ file

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_domain => '.mydomain.com')

obviously replacing ‘mydomain.com’ for the domain in question.

This entry was written by Alastair, posted on October 24, 2006 at 11:43 am, filed under Ruby on Rails. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

© Copyright 2006 - 2012 Alastair Dawson

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

7 Comments

  1. Sandro
    Posted June 6, 2007 at 8:26 am | Permalink

    You definitively save my life :D

  2. artifactory
    Posted July 5, 2007 at 2:04 pm | Permalink

    Ditto – saved me some serious time. kudos.

  3. Jason
    Posted April 7, 2008 at 7:47 am | Permalink

    Very much thank yous sire.

  4. rndrfero
    Posted May 5, 2008 at 5:13 am | Permalink

    FOR ME (rails 2.0.2) THIS DID NOT WORK !!!!

    instead of it works following line:

    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = ‘.mydomain.com’

  5. Alastair
    Posted May 5, 2008 at 6:21 am | Permalink

    THIS POST IS TWO YEARS OLD!!! BUT THANKS FOR THE UPDATE AND THE CAPS!!!

  6. Jeff
    Posted May 30, 2008 at 5:28 am | Permalink

    I HAVE RAILS 2.0.2

    ADDING ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = ‘.mydomain.com’
    gives me an authenticity error

    are u suure it’s right?

  7. NilsR
    Posted April 7, 2009 at 3:15 am | Permalink

    Still does the job in Rails 2.3.2!

    Thanks alot.

Post a Comment

Your email is never shared. Required fields are marked *

*
*

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word