Rails Cookie Settings for Cross-Subdomain Sessions

For the past day, I’ve been tracking down a hair-pulling-ly frustrating bug in Rails ( with Authlogic on Passenger).

My sessions weren’t sticking in production

Cross-domain or otherwise (doubly frustrating because a) Authlogic has been so rock solid for me otherwise, b) worked as expected in development).

Turns out, I wasn’t setting the session domain correctly in environments/production.rb.

config.action_controller.session[:domain] = '.YOURDOMAIN.COM'

Note the dot (it’s there for subdomains). Oh, and be sure to correctly spell your domain name…or sessions won’t work at all. ;)

3 thoughts on “Rails Cookie Settings for Cross-Subdomain Sessions

  1. Chris Schulte

    Newer versions of rails (I’m guessing >= 2.3.4) need to do this instead:

    config.action_controller.session = { :domain => ‘.YOURDOMAIN.COM’ }

  2. Pirkka Esko

    In Rails 3.1, just navigate to file session_store.rb in your projects config/initializers directory and issue:

    YourApp::Application.config.session_store :cookie_store, :key => ‘_your_app_session’, :domain => :all

    I spent a while figuring this out – partly because I was issuing the correct parameter in the wrong place (application.rb instead of session_store.rb).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>