Bizarre authlogic issue only in Production

Question

Context: A rails app with authlogic for sigup and login Setup info: Rails 2.3.2

A controller called posts with an action 'show'. Upon login, I display the posts/index page.

and when the user clicks on an item, item's details get displayed. Fairly standard stuff.

All of this works fine and dandy both in Development and Production (Apache with Passenger 2.2.5 on ubuntu and mysql) EXCEPT for the following problem in one case:

Problem: ONLY on Firefox/Safari/Chrome (IE7 is Ok) and ONLY in PRODUCTION,

When the user logs in for the very FIRST time in a new session (open new browser,type in url), the index page is displayed fine and when an item is clicked, the user gets mysteriously LOGGED OUT (current_user returns null).

When you login again, everything is BACK to normal - you can logout and login any number of times and no problem - UNTIL you close the browser and start again.

Any other action besides 'show' has the current_user preserved and works fine.

QUESTION: How is the user session getting lost on a call like this posts/id only once - the first time ? The show action doesn't do anything special.

I have used both ActiveRecord Store and Cookies for Session Management with same behavior.

Anybody got any clues, greatly appreciated!

Answer 1

This might be happening because the user is getting redirected from: http://yoursite.com to http://www.yoursite.com

Here's a blog that mentions this problem: http://garrickvanburen.com/archive/rails-cookie-settings-for-cross-subdomain-sessions

To paraphrase the blog: The fix is to set: config.action_controller.session[:domain] = '.YOURDOMAIN.COM' inside of environment.rb (Make sure to prefix it with the .). That will make cookies work for both www.yourdomain.com and yourdomain.com (as well as any other subdomains).

This technique is also discussed here: http://stackoverflow.com/questions/663893/losing-session-in-rails-2-3-2-app-using-subdomain/978716#978716