Different user sessions with different domain name?

i noticed if you access my site with xxx.com versus www.xxx.com
separate user sessions are created such that same visitor form the
same browser can log in twice. I am not sure if this perhaps is a DNS
issue or this can be dealt at the level of rails app.

Thanks.

Cookies are scoped according to a domain name and path, so if you’re using two different host names, you’re going to get two different cookies.

I would fix this on the level of your web server as it’s got nothing to do with Rails really. This page on the Apache wiki will give you an idea of what you need to do, but the solution will depend on which HTTP server you use.

http://wiki.apache.org/httpd/CanonicalHostNames

i noticed if you access my site with xxx.com versus www.xxx.com

separate user sessions are created such that same visitor form the

same browser can log in twice. I am not sure if this perhaps is a DNS

issue or this can be dealt at the level of rails app.

in config/initializers/session_store.rb

MyApp::Application.config.session_store :cookie_store, :key => ‘_my_app_session’, :domain => ‘xxx.com

so any subdomain will still use the session for xxx.com

OK, it’s got something to do with Rails. :slight_smile:

Thanks for the dose of knowledge, Jim.

in config/initializers/session_store.rb

MyApp::Application.config.session_store :cookie_store, :key =>
'_my_app_session', :domain => 'xxx.com'

the solution I've found to work consistently is to modify as above,
but set :domain => '.xxx.com'

Having the leading period (.) will set a common cookie that is shared
by all subdomains. I use this technique to handle a secure subdomain
vs. a www subdomain, without creating new sessions between the two.

Kevin

But overall redirection from non www to www or vice versa should be done at least for “www” subdomain… As google bot considers www and non www as two different sites.

So go with Apache configs way if you want www and non www to be same.

And go with Rails cookies way, if you really have some subdomains like app1.example.com and app2.example.com, where app1 and app2 are sharing the session.

Yes, important point there. The choice to host across multiple subdomains should be made for a reason, not by default. If the subdomain is an essential part of the user’s request (Google up “Basecamp style subdomains” if you’re not sure what I mean by this) then it’s possible that you’d want separate cookies for each subdomain. In the vast majority of cases however, the application isn’t inferring anything from the subdomain, and you’re potentially losing PageRank.

Making the configuration at the web server will help you with both problems, if it is in fact a problem to have more than one subdomain, whereas the Rails-only solution helps only with cookie management.

This has been great advice. I am using nginx. (I know this is now not
a rails questions, but I figured to complete the post here so as not
to cross post). The way to to do this on nginx is as follows:

server {
  listen 80;
  server_name domain.com *.domain.com;
  rewrite ^ http://www.domain.com$request_uri? permanent;
}

server {
  listen 80;
  server_name www.domain.com;

  index index.html;
  root /home/domain.com
}

This is taken from:

http://blog.martinfjordvald.com/2010/07/nginx-primer/

just to make sure i dunerstood this. so to optimize ranking, when
soeone types in xxx.com it should be routed to www.xxx.com at the
level of the http server?

just to make sure i dunerstood this. so to optimize ranking, when

soeone types in xxx.com it should be routed to www.xxx.com at the

level of the http server?

yes, you are right.