issue in delete a cookie ( cannot 'eat' it ..)

rubyonrails-talk
1

I set my cookies at root domain level ( lvh.me in dev) , accessible from within each subdomain

w session store initializer :

Rails.application.config.session_store :active_record_store, :key => ‘_tests_session’, :domain => :all

( good for persisted facebook authentication when user login into a different subdomain)

when a user login into a subdomain, I have

cookies[:login]

“{:user_id=>3, :subdomain_name=>"coocoo"}”

when the user logout , I should delete this cookie,

cookies.delete(:login, :host => Rails.configuration.host) if cookies[:login]

but it doesn’t delete it … any clue ?

thanks for feedback

3

It’s not useful in my case , as I am using FB & Google authentification, the callback can be set only to the main domain

using the :state parameter I can redirect to the calling subdomain on FB/Google callback

but before the redirect I need to delete the previous session/cookies ( user may have been logged in an another subdomain or root domain)

setting :domain => :all , means that the cookies :host is/should_be ‘.example.com’

and I should be able to delete it : ( as per Rails API)

cookies.delete(:login, :host => ‘.example.com’) but it’s not working

I am going to test another way : expiring the cookie,…

def remove_all_cookies(domain=nil)

unless domain.nil?

cookies.to_hash.each_pair { |k, v| cookies[k.to_sym] = { :value => ‘’, :path => ‘/’, :domain => domain, :expire => 1.day.ago } }

end

end

4

[SOLVED] the issue was not with cookies … I had to change the way I handle the session store w subdomain … should not using domain => :all

I finally set in initializers/session_store.rb

Rails.application.config.session_store :active_record_store, :key => ‘_myapp_session’, :domain => {

production: ‘myapp.com’,

development: ‘lvh.me’}.fetch(Rails.env.to_param.to_sym, :all)

so now I can set/delete the cookies[:login] according to user authentication w FB/Google and originated subdomain ( parameter :state in URL)

on signout, I have to delete the cookies[:login], on redirection I have to check if the cookies[:login] is related to the subdomain else delete it…

great post and link about it :

Quoted- As it turns outs ‘domain: all’ creates a cookie for all the different subdomains that are visited during that session (and it ensures that they are passed around between request).

If no domain argument is passed, it means that a new cookie is created for every different domain that is visited in the same session and the old one gets discarded.

What I needed was a single cookie that is persistent throughout the session, even when the domain changes. Hence, passing ‘domain: lvh.me’ solved the problem in development. This creates a single cookie that stays there between different subdomains.

For anyone needing further explanation,

this is a great link: Sharing A Devise User Session Across Subdomains With Rails 3