Session Cookie & Domains

Is there a way to tell Rails to always use the full domain for the session cookie? This is necessary if you want to allow people to be logged in to both app1.mysite.com and app2.mysite.com with separate sessions.

Use the session class method in your controller to set session options:   http://api.rubyonrails.org/classes/ActionController/SessionManagement/ClassMethods.html#M000128

The options are described here:   ActionController::Base

So, in ApplicationController:   session :session_domain => 'mysite.com'

Note that after 1.2 the main session settings are moving to environment.rb, with the same syntax:   config.action_controller.session = { :session_domain => 'mysite.com' }

jeremy

Sorry for not being more clear: The app can be running under numerous domains, not known while I code. I don't want to hard code them in - I just want to tell Rails - whatever the Host: header is, use that for the cookie domain.

That's the default. Have you tried it?

jeremy

Thanks - I was getting weird behavior and thought therefore that this was not set properly. But I traced the behavior to something else. (Sometimes getting confirmation of where the problem is NOT helps you think of where the problem IS... :slight_smile: