Rails cookie session sharing and "www.example.com" or "example.com" problem

Question

When people access my app on www.example.com and log in, they get a cookie. I'm using the cookie option to store session on Rails. Accessing example.com (without the www), they must log in again, because Firefox does not recognize the previous session.

So, what do you think is the best way to avoid this?

I guess I will use a small .htaccess rule (Apache + Passenger) like this:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ http://www.example.com/$1 [R=permanent,L]

Do you guys think that is a good solution?

Answer 1

What I would do is:

1. Set up separate virtual hosts for domain.com and www.domain.com
2. Never publish links to domain.com, only to www.domain.com
3. When a user agent requests http://domain.com/, redirect with a 301 response to http://www.domain.com/
4. Only issue cookies from www.domain.com
5. Don't try to make the whole site available from domain.com, just the main page (which is redirected)

You don't need to involve rails in this solution at all.

Answer 2

Create separate virtual host entry:

ServerName domain.com
Redirect permanent / http://www.domain.com

The redirect points the user to your other virtual host:

ServerName www.domain.com