Can I share a cookie between multiple domains pointing to the same Rails app?

Question

I have x.com pointing to apple.y.com, and separately, also one.y.com and two.y.com. I want the user who visits either x.com, one.y.com or two.y.com to share the same sessions. Is this possible? If not, what's the best compromise?

Answer 1

one.y.com and two.y.com can share cookies by setting the cookie domain to .y.com. This will share cookies across all subdomains of y.com.

x.com cannot share the cookies with y.com directly, however. There is a solution available using redirects, but it's tricky to implement -- http://www.15seconds.com/Issue/971108.htm (examples are in ASP.net, but you could apply the solution to RoR).

Answer 2

To get applications using the same domain working using the same session cookies, you would configure this in the environment config files.. I do this for some of my applications. This is for Rails 2.3.5 apps, It should be the same for Rails 3, but I am not positive.

First, in config/initializers/session_store.rb, make sure that:

# ActionController::Base.session_store = :active_record_store

is commented out.

Next, all of your applications should use the same key and secret, in the same file, set:

ActionController::Base.session = {
  :key         => '_myapp_session',
  :secret      => 'some really long string of hex'
}

Finally, configure the environment files to use the same domain:

config/environments/development.rb

config.action_controller.session = { 
  :domain => ".rails.local" 
}

config/environments/production.rb

config.action_controller.session = { 
  :domain => ".myapp.com" 
}