losing session in rails 2.3.2 app using subdomain

Question

i have a 2.2.3 app which i upgraded to 2.3.2

it's a multi-site (using subdomain) that creates one top level session for all sites.

this is how i change the domain in production.rb:

ActionController::Base.session_options[:domain] = "xxx.com"

# in rails 2.2.2, this is what i used to do:
# ActionController::Base.session_options[:session_domain] = "xxx.com"

strange things started to happen after i upgraded i can no longer login using restful authentication; it does authenticate me, but as soon as i'm redirected, it would ask me to login again.

as i said, i use restful_authentication and i also use passenger 2.1.2. anyone can help?

Answer 1

You must indicate:

.xxx.com

(notice the leading dot) in order for the session cookie to apply to xxx.com as well as its sub-domains.

Cheers, V.

Answer 2

I had the same problem with cookie-based sessions. Upgrading to Passenger 2.1.3 seemed to fix the issue.

Answer 3

we had the same problem (losing sessions, without subdomain), with nginx + thin. Migrating to apache + passenger (last version) fixed the problem.

Answer 4

In Rails 2.3 you should use

config.action_controller.session[:domain] = '.example.com'

Answer 5

Olly's answer is correct, in rails 2.3 it should be:

config.action_controller.session[:domain] = '.example.com'

I just wanted to add that if you don't already have some session options created you may receive this when using that:

undefined method `[]=' for nil:NilClass

In that case you should use this instead (which creates the session variable instead of updating it):

config.action_controller.session = {:domain => '.example.com'}

Edit: Or to cover both cases (and future changes) try this in production.rb

begin
  config.action_controller.session[:domain] = '.example.com'
rescue
  config.action_controller.session = {:domain => '.example.com'}
end

Another edit: apparently Rails 2.2.2 projects use something different. "domain" should be named "session_domain" and take the period character off the front of the domain. Try this:

begin
  config.action_controller.session[:session_domain] = 'example.com'
rescue
  config.action_controller.session = {:session_domain => 'example.com'}
end

Answer 6

Just wanted to mention that another way to handle the whole subdomain thing for the cookies is dynamically. Works in 2.3.4.

Something like this in the environment.rb

# solution to use the cookies in the api. domains
# this is relevant but in 2.3.4 the code is different
# http://szeryf.wordpress.com/2008/01/21/cookie-handling-in-multi-domain-applications-in-ruby-on-rails/
# Just making sure that api. shares the domain name
require 'dispatcher'
module ActionController
  class Dispatcher
    def set_session_domain
      host_name = @env['SERVER_NAME']
      new_host_name = whatever #some mod of the host_name, for instance
      ActionController::Base.session = {
        :domain => new_host_name
      }
    end

    before_dispatch :set_session_domain
  end
end

Answer 7

I'm running Rails 2.3.5 and have

config.action_controller.session = {:domain => '.localhost:3000'}

in my development.rb but I don't get it to work?

Something else you need to do?

Answer 8

A more bullet proof solution would be to check if the session already exists or not. If you are blindly replacing the whole session object it may trip you up in the future.

if ActionController::Base.session
  ActionController::Base.session[:domain] = '.example.com'
else
  ActionController::Base.session = { :domain => '.example.com' }
end

I like to do this in an initializer file.

Answer 9

I'm wondering, how can this be achieved with Rails 3?