Rails Cookie Settings for Cross-Subdomain Sessions

For the past day, I’ve been tracking down a hair-pulling-ly frustrating bug in Rails ( with Authlogic on Passenger).

My sessions weren’t sticking in production

Cross-domain or otherwise (doubly frustrating because a) Authlogic has been so rock solid for me otherwise, b) worked as expected in development).

Turns out, I wasn’t setting the session domain correctly in environments/production.rb.

config.action_controller.session[:domain] = '.YOURDOMAIN.COM'

Note the dot (it’s there for subdomains). Oh, and be sure to correctly spell your domain name…or sessions won’t work at all. 😉