Rails Cookie Settings for Cross-Subdomain Sessions

For the past day, I’ve been tracking down a hair-pulling-ly frustrating bug in Rails ( with Authlogic on Passenger).

My sessions weren’t sticking in production

Cross-domain or otherwise (doubly frustrating because a) Authlogic has been so rock solid for me otherwise, b) worked as expected in development).

Turns out, I wasn’t setting the session domain correctly in environments/production.rb.

config.action_controller.session[:domain] = '.YOURDOMAIN.COM'

Note the dot (it’s there for subdomains). Oh, and be sure to correctly spell your domain name…or sessions won’t work at all. 😉

3 comments for “Rails Cookie Settings for Cross-Subdomain Sessions

  1. November 1, 2009 at 11:45 pm

    config.action_controller.session[:domain] = ‘.DOERING-MBA.COM’ breaks Passenger, generating a syntax error. Rails 2.3.4, Passenger 2.2.5

  2. Chris Schulte
    March 9, 2010 at 11:56 am

    Newer versions of rails (I’m guessing >= 2.3.4) need to do this instead:

    config.action_controller.session = { :domain => ‘.YOURDOMAIN.COM’ }

  3. Pirkka Esko
    September 13, 2011 at 2:13 am

    In Rails 3.1, just navigate to file session_store.rb in your projects config/initializers directory and issue:

    YourApp::Application.config.session_store :cookie_store, :key => ‘_your_app_session’, :domain => :all

    I spent a while figuring this out – partly because I was issuing the correct parameter in the wrong place (application.rb instead of session_store.rb).

Leave a Reply

Your email address will not be published. Required fields are marked *

You should get my email