Rails Cookie Settings for Cross-Subdomain Sessions

For the past day, I’ve been tracking down a hair-pulling-ly frustrating bug in Rails ( with Authlogic on Passenger).

My sessions weren’t sticking in production

Cross-domain or otherwise (doubly frustrating because a) Authlogic has been so rock solid for me otherwise, b) worked as expected in development).

Turns out, I wasn’t setting the session domain correctly in environments/production.rb.

config.action_controller.session[:domain] = '.YOURDOMAIN.COM'

Note the dot (it’s there for subdomains). Oh, and be sure to correctly spell your domain name…or sessions won’t work at all. 😉

3 thoughts on “Rails Cookie Settings for Cross-Subdomain Sessions

  1. Newer versions of rails (I’m guessing >= 2.3.4) need to do this instead:

    config.action_controller.session = { :domain => ‘.YOURDOMAIN.COM’ }

  2. In Rails 3.1, just navigate to file session_store.rb in your projects config/initializers directory and issue:

    YourApp::Application.config.session_store :cookie_store, :key => ‘_your_app_session’, :domain => :all

    I spent a while figuring this out – partly because I was issuing the correct parameter in the wrong place (application.rb instead of session_store.rb).

Comments are closed.