Vixiom Axioms

October 24, 2006

Ensure that rails sessions remain valid over subdomains and https

Filed under: Ruby on Rails Alastair @ 11:43 am

If you’re using Active Record Store for your sessions (keeping sessions in a database) you may ‘lose’ your sessions when jumping to a subdomain or to an https connection (in my case it was the latter).

Here’s how to make sure your sessions don’t go walk about.

Add this line to your ‘config/environments/production.rb’ file:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_domain => '.mydomain.com')

replacing ‘mydomain.com’ with the domain in question. The leading dot makes the session cookie valid for the domain and all of its subdomains.
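
An added example, not code from the original post: a Ruby sketch of the RFC 6265 domain-match rule that browsers apply, showing which hosts get the session cookie back with and without the Domain attribute that :session_domain sets. The host names other than mydomain.com and the helper names cookie_sent?, ip_literal? and recipients are constructed for illustration.

```ruby
require 'ipaddr'

# RFC 6265 section 5.1.3 domain matching, as a browser applies it to a cookie.
# cookie_domain: the cookie's Domain attribute (nil when the server sent none).
# origin_host:   the host that set the cookie (decides host-only cookies).
def cookie_sent?(request_host, origin_host:, cookie_domain: nil)
  host = request_host.downcase.chomp('.')
  # No Domain attribute: host-only cookie, returned to the exact origin host only.
  return host == origin_host.downcase.chomp('.') if cookie_domain.nil?

  domain = cookie_domain.downcase.sub(/\A\./, '') # a leading dot is ignored
  return true if host == domain
  return false if ip_literal?(host) # suffix matching never applies to IP addresses

  host.end_with?(".#{domain}") # match on a label boundary, not a bare suffix
end

def ip_literal?(host)
  IPAddr.new(host)
  true
rescue IPAddr::Error
  false
end

# Constructed sample hosts; mydomain.com is the post's placeholder domain.
HOSTS = %w[www.mydomain.com secure.mydomain.com mydomain.com
           blog.mydomain.com evilmydomain.com mydomain.com.example.net].freeze

# Hosts from HOSTS to which the browser would return the session cookie.
def recipients(origin_host:, cookie_domain: nil)
  HOSTS.select do |h|
    cookie_sent?(h, origin_host: origin_host, cookie_domain: cookie_domain)
  end
end

if __FILE__ == $PROGRAM_NAME
  origin = 'www.mydomain.com'
  puts "default (host-only): #{recipients(origin_host: origin).inspect}"
  puts "session_domain set:  " \
       "#{recipients(origin_host: origin, cookie_domain: '.mydomain.com').inspect}"
end
```

With the domain set, every host under mydomain.com receives the session cookie, so the setting is only appropriate when all of those subdomains are trusted to the same degree as the application.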


6 Comments »

  1. You definitively save my life :D

    Comment by Sandro — June 6, 2007 @ 8:26 am

  2. Ditto - saved me some serious time. kudos.

    Comment by artifactory — July 5, 2007 @ 2:04 pm

  3. Very much thank yous sire.

    Comment by Jason — April 7, 2008 @ 7:47 am

  4. FOR ME (rails 2.0.2) THIS DID NOT WORK !!!!

    Instead, the following line works:

    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = '.mydomain.com'

    Comment by rndrfero — May 5, 2008 @ 5:13 am

  5. THIS POST IS TWO YEARS OLD!!! BUT THANKS FOR THE UPDATE AND THE CAPS!!!

    Comment by Alastair — May 5, 2008 @ 6:21 am

  6. I HAVE RAILS 2.0.2

    ADDING ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] = '.mydomain.com'
    gives me an authenticity error

    Are you sure it’s right?

    Comment by Jeff — May 30, 2008 @ 5:28 am
