Share rails sessions among applications.

Question

I have two applications and want them to share their sessions. This is trivial, at least so far. Now I am running in some stange issue.

I have set the same session_key and secret in the environment.rb and the two applications did not share the same session.

Verified if development.rb has something... nothing.

Tried to cleanup cookies etc, nothing.

I then tried to change the secret, luckily i tried to change to something short and simple (mysecret) then something awkward arised. Running app 1 was ok, but running app 2 raised:

c:/ruby/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/session/cookie_store.rb:188:in `ensure_secret_secure': Secret should be something secure, like "f1e78444a4c3402165606a8314d29704".  The value you provided, "myownsecret", is shorter than the minimum length of 30 characters (ArgumentError)
    from c:/ruby/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_c

But both apps are running in 2.3.2.

Then I've tried the console for both applications and verified that the secret is very much the same.

So, what could be influencing here?

Answer 1

Could be to do with the domain names? I am pretty sure the session cookie is stored by domain. You can try using the code below to override it - provided you are using the same domain with different sub-domains for each app (put it in your config/environments/production.rb - or development.rb if you need it to work in dev mode too):

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_domain] =  '.yourdomain.com'

Edit: in Rails 2.3 the syntax is:

config.action_controller.session = { 
  :domain => ".yourdomain.com" 
}