Unable to create cookie if it has a domain - ruby-on-rails

My controller has the following code
cookies[:book] = { :value => "Kids Puzzles", :expires => 2.years.from_now, :domain => "foo.com" }
Unable to create cookie if it has a domain which is different than the server in which the application is running. How should I create/delete a cookie in such cases.

You can't do that.
You can set a cookie for example.com within an app running at app.example.com but not for foo.com.

Related

Cookie set to subdomain when :all option is used

In my session controller, I want to set a cookie when user logs-in.
Say I visit http://buy.example.com/login, and the controller will handle the login as well as the cookie setting like the following:
cookies[:status] = { value: 'y', :domain => :all }
redirect_to referrer_url
I see that the cookie is set under the domain .buy.example.com, instead of .example.com.
The setting :domain => :all is not having any effect at all.
I am using Rails 3.2.11. The test is done in Chrome.
Have you set up your config/initializers/session_store.rb file
YourAppName::Application.config.session_store :cookie_store,
:key => '_yourAppName_session', domain: {
production: '.example.com',
development: '.lvh.me'
}.fetch(Rails.env.to_sym, :all)
With this configuration you can use lvh.me:3000 as the url in development.

Accessing Rails cookies by domain

I have a situation in which two cookies have the same name but slightly different domains (cookie1 has the domain example.com whereas cookie2 has sub-domain inclusive .example.com).
cookies[ :cookie_name ] = { :value => "test_value_cookie_1", :domain => "example.com" }
cookies[ :cookie_name ] = { :value => "test_value_cookie_2", :domain => ".example.com" }
I want to detect when both cookies exist, but unfortunately I can't out figure how to access a cookie by it's own domain. I can say
if cookies[ :cookie_name ].blank?
but how do I say
if cookies[ :cookie_name, :domain => ".example.com" ].blank?
or
if cookies[ :cookie_name ].domain[ ".example.com" ].blank?
I'm using "actionpack-2.3.11/lib/action_controller/cookies". I don't understand why you can set information like the domain, but not access it.
Apparently what I wanted to do was impossible. The HTTP spec only allows cookies to be accessed by name even though they can be set by domain:
When requesting a URL from an HTTP server, the browser will match the
URL against all cookies and if any of them match, a line containing
the name/value pairs of all matching cookies will be included in the
HTTP request. Here is the format of that line: Cookie:
NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...
http://curl.haxx.se/rfc/cookie_spec.html

Rails: how can I share permanent cookies across multiple subdomains?

My app's register and login processes take place on a secure subdomain. For this reason, I have modified config/initializers/session_store.rb to look like
if Rails.env.production?
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session', :domain => '.app_name.com'
else
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session'
end
so that the session can be shared across sub domains.
How can I share permanent cookies accross subdomains so that when I set a permanent cookie
on one subdomain via cookies.permanent[:some_key] = 'some value', I can access that cookie on another subdomain via cookies[:some_key]?
You need to specify the domain using a more verbose cookie setting method:
cookies[:some_cookie] = {
:value => "whatever",
:domain => ".app_name.com",
:expires => 1.year.from_now.utc
}
I haven't found a configuration setting to do this globally yet.

Subdomain cookie sharing in Rails 3 is not working (on Heroku)?

I'm trying to have cookies on my site dapshare.com work for both the root address and the 'www' subdomain.
A lot of other stackoverflow answers (and the great Railscasts vid on this topic) have suggested adding this line to session_store.rb:
Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => :all
This doesn't seem to make a difference: if I log in at dapshare.com, I still am not logged in at www.dapshare.com.
Am I doing something wrong here? I am using the following code to store information in the cookie:
cookies.permanent.signed[:thing_to_store] = store_information
Thanks for any help!
Short answer: using the 'cookies[:new_cookie] =' does not seem to grab the domain from the session_store config settings.
I added the :domain to the new cookie and it now works:
cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => ".dapshare.com"}
For anyone else reading, you also need to specify the domain when deleting the cookie
cookies.delete :new_cookie, :domain => ".dapshare.com"
(Thanks for your help with diagnosis Andrew Marshall.)
You can actually just specify your cookies using domain => :all instead of domain => '.dapshare.com' in Rails 3.1 +:
cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => :all}
This more flexible than outright specifying a string domain. Now your application won't break on a different production domain.
I encountered this issue, when passing :all doesn't seems to work properly. If you want to use only for subdomains try the following:
Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => '.dapshare.com'

Rails 3: Can't seem to write cookies for top level domain :(

I setup the cookie store to domain => :all, like I could find in documentation and it seems to work, because devise's authentication works across the multiple domain.
MyApp::Application.config.session_store :cookie_store, :key => '_MyApp.com_session', :domain => :all
However when I am trying myself to write to a cookie, it always write down the sub domain... I don't get it:
I write the cookie in the simplest manner possible:
cookies.permanent[:remember_locale] = locale
But no matter what it won't set it for the top level domain whereas the one dropped by devise seems to manage it without a problem :(
Alex
ps: I am using rails 3.0.3
The configuration for the session_store only applies to the session cookie. When setting a separate cookie you have to specify the domain for that cookie as well.
cookies.permanent[:remember_locale] = { :value => locale, :domain => :all }
Note (pulled from rails source):
# Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
#
# cookies[:key] = {
# :value => 'a yummy cookie',
# :expires => 1.year.from_now,
# :domain => 'domain.com'
# }
#
# cookies.delete(:key, :domain => 'domain.com')

Resources