Subdomain cookie sharing in Rails 3 is not working (on Heroku)? - ruby-on-rails

I'm trying to have cookies on my site dapshare.com work for both the root address and the 'www' subdomain.
A lot of other stackoverflow answers (and the great Railscasts vid on this topic) have suggested adding this line to session_store.rb:
Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => :all
This doesn't seem to make a difference: if I log in at dapshare.com, I still am not logged in at www.dapshare.com.
Am I doing something wrong here? I am using the following code to store information in the cookie:
cookies.permanent.signed[:thing_to_store] = store_information
Thanks for any help!

Short answer: using the 'cookies[:new_cookie] =' does not seem to grab the domain from the session_store config settings.
I added the :domain to the new cookie and it now works:
cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => ".dapshare.com"}
For anyone else reading, you also need to specify the domain when deleting the cookie
cookies.delete :new_cookie, :domain => ".dapshare.com"
(Thanks for your help with diagnosis Andrew Marshall.)

You can actually just specify your cookies using domain => :all instead of domain => '.dapshare.com' in Rails 3.1 +:
cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => :all}
This more flexible than outright specifying a string domain. Now your application won't break on a different production domain.

I encountered this issue, when passing :all doesn't seems to work properly. If you want to use only for subdomains try the following:
Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => '.dapshare.com'

Related

Session breaks when use subdomains with dalli store in rails3

I tried to use :domain => :all in session_store.rb and config.action_controller.session = {:domain => '.mydomain.com'} but anyway session breaks when i visit mydomain.com after www.mydmain.com.
Any suggestions?
SubdomainFu.configure do |config|
config.tld_size = 2
config.preferred_mirror = 'www'
end
Try with these configurable options. I hope it helps you.

With Rails and Devise, how do I set the cookie properties if I'm using ActiveRecord store?

In myapp/config/initializers/session_store.rb, I have the following:
Myapp::Application.config.session_store :cookie_store, :key => '_myapp_session', :domain => :all
The :key option sets the name to use for the cookie, and :domain => :all says that the cookie can be shared across subdomains.
Now I want to move to using ActiveRecord to store the session. If I do this:
Myapp::Application.config.session_store :active_record_store
... although the session is stored in the database, there is still, of course, a cookie. But I no longer have control over its name or scope.
How can I use ActiveRecord store for the session and still specify the cookie name and domain?
Figured it out
It's very simple, actually:
Myapp::Application.config.session_store :active_record_store, :key => '_myapp_session', :domain => :all

Rails: how can I share permanent cookies across multiple subdomains?

My app's register and login processes take place on a secure subdomain. For this reason, I have modified config/initializers/session_store.rb to look like
if Rails.env.production?
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session', :domain => '.app_name.com'
else
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session'
end
so that the session can be shared across sub domains.
How can I share permanent cookies accross subdomains so that when I set a permanent cookie
on one subdomain via cookies.permanent[:some_key] = 'some value', I can access that cookie on another subdomain via cookies[:some_key]?
You need to specify the domain using a more verbose cookie setting method:
cookies[:some_cookie] = {
:value => "whatever",
:domain => ".app_name.com",
:expires => 1.year.from_now.utc
}
I haven't found a configuration setting to do this globally yet.

Rails 3: Can't seem to write cookies for top level domain :(

I setup the cookie store to domain => :all, like I could find in documentation and it seems to work, because devise's authentication works across the multiple domain.
MyApp::Application.config.session_store :cookie_store, :key => '_MyApp.com_session', :domain => :all
However when I am trying myself to write to a cookie, it always write down the sub domain... I don't get it:
I write the cookie in the simplest manner possible:
cookies.permanent[:remember_locale] = locale
But no matter what it won't set it for the top level domain whereas the one dropped by devise seems to manage it without a problem :(
Alex
ps: I am using rails 3.0.3
The configuration for the session_store only applies to the session cookie. When setting a separate cookie you have to specify the domain for that cookie as well.
cookies.permanent[:remember_locale] = { :value => locale, :domain => :all }
Note (pulled from rails source):
# Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
#
# cookies[:key] = {
# :value => 'a yummy cookie',
# :expires => 1.year.from_now,
# :domain => 'domain.com'
# }
#
# cookies.delete(:key, :domain => 'domain.com')

Problem with sessions, subdomains and authlogic in Rails

I've got a rails app with authlogic authentication and a username.domain.com structure built with subdomain-fu.
But my session breaks when going from domain.com to username.domain.com. I've tried to add
config.action_controller.session = {:domain => '.localhost:3000'}
to my development.rb but that seams to break authlogic disabling sign out/sign in.
Any suggestions on what to do?
Thanks in advance!
you are having this issue in the development mode but probably wont have this issue in prod mode.. you are trying to set the top level cookie. your browser wont let you do that. what you are trying to do with
config.action_controller.session = {:domain => '.localhost:3000'}
is as good as saying
config.action_controller.session = {:domain => '.com'}
try creating custom local domain like localhost.localdomain or dummylocal.com or something and that will make it work.
config.action_controller.session = {:domain => 'localhost.localdomain'}
config.action_controller.session = {:domain => 'dummylocal.com'}
For Rails3 the code above will raise NoMethodError:
undefined method `session=' for ActionController::Base:Class
So, for Rails3 you should not change you environment config but should set your app/config/initializers/session_store.rb to look like:
YourAppName::Application.config.session_store :active_record_store,
{:key => '_your_namespace_session', :domain => '.yourdomain.com'}
Maybe this can help: http://erikonrails.snowedin.net/?p=248 ?

Resources