How do you create one session cookie for multiple subdomains

I am using the restful authentication plugin and am always prompted to login if a different subdomain is accessed. I have found a couple rails "solutions", but none of them seem to work:

# development.rb 1. ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = ".localhost" 2. ActionController::Base.session_options[:key] = ".localhost"

Does anyone have a way that works?

Thanks

I am using the restful authentication plugin and am always prompted to login if a different subdomain is accessed. I have found a couple
rails "solutions", but none of them seem to work:

# development.rb 1.
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = ".localhost" 2. ActionController::Base.session_options[:key] = ".localhost"

   config.action_controller.session = {      :session_domain => 'texperts.local',       ... }

works for me. session_key is the name of the cookie

Fred

Frederick Cheung wrote:

  config.action_controller.session = {     :session_domain => 'texperts.local',      ... }

After making the changes that you suggested I continually get InvalidAuthenticityToken exceptions. When I turned of protect_from_forgery I obviously never got the exceptions, but I was still unable to have one session key for more than one subdomain.

This is what I now have: config.action_controller.session = { :session_domain => ".local", :session_key => '_app_session', :secret => 'secret_key' }

Is there anything that I am missing?

You can't set cookies for a top level domain like .local (in the same
way that you can't set a cookie for .com) the domain you set a cookie
for must have at least two components (there are a lot of
complications etc... see The Opera Blog - News | Opera 267415 for example)

Fred

Frederick Cheung wrote:

You can't set cookies for a top level domain like .local (in the same way that you can't set a cookie for .com) the domain you set a cookie for must have at least two components (there are a lot of complications etc... see The Opera Blog - News | Opera 267415 for example)

Fred

Thanks for the info Fred. Once I set up my hosts file to point myappname.localhost to the loopback address (along with some additional test subdomains) and made all test app requests to that url, it allowed the cookie to be shared nicely.

Thanks again.

Chris Olsen wrote:

Frederick Cheung wrote:

You can't set cookies for a top level domain like .local (in the same way that you can't set a cookie for .com) the domain you set a cookie for must have at least two components (there are a lot of complications etc... see The Opera Blog - News | Opera 267415 for example)

In case anyone had the same issue -- I was trying to get cross-subdomain cookies, as above. I followed the instructions... set my session_domain to ".myapp.local" to get around the issue Fred mentions, added some aliases to /etc/hosts, cleared my cookies, tried to log in to my app. And I was still getting InvalidAuthenticityToken errors.

Turns out all I needed to do was restart Firefox. No idea why that worked, but the InvalidAuthenticityToken errors stopped.

ymmv of course.