How to share sessions between subdomains with Rails 2.3.8

Question

I have found numerous posts that describe how to do this. They all look something like putting this in the appropriate environment config file:

config.action_controller.session[:domain] = '.localhost'

However, if I do this then trying to sign in (I am using devise) fails with:

ActionController::InvalidAuthenticityToken

I see others posting the same problem (to the comments section of the various blogs offering the advice to set session[:domain]) but I haven't found a case where anybody has answered the question about why that is happening and how to fix it.

Any ideas?

Answer 1

I'm not sure if this is related to your problem, but are you trying to set the session domain to just '.localhost'? This won't work as it effectively a top-level domain that you are trying to set a cookie for.

See http://www.ruby-forum.com/topic/181650#794923

Answer 2

I have this snippet in config/initializers/set_session_domain.rb:

module ActionControllerExtensions
  def self.included(base)
    base::Dispatcher.send :include, DispatcherExtensions
  end

  module DispatcherExtensions
    def self.included(base)
      base.send :before_dispatch, :set_session_domain
    end

    def set_session_domain
      domain = @env['HTTP_HOST'].gsub(/:\d+$/, '').gsub(/^[^.]*/, '')
      @env['rack.session.options'].update :domain => domain
    end
  end
end

ActionController.send :include, ActionControllerExtensions

Everything works pretty nice.