Session Cookie & Domains

Is there a way to tell Rails to always use the full domain for the
session cookie? This is necessary if you want to allow people to be
logged in to both app1.mysite.com and app2.mysite.com with separate
sessions.

Use the session class method in your controller to set session options:
  http://api.rubyonrails.org/classes/ActionController/SessionManagement/ClassMethods.html#M000128

The options are described here:
  http://api.rubyonrails.org/classes/ActionController/Base.html#M000275

So, in ApplicationController:
  session :session_domain => 'mysite.com'

Note that after 1.2 the main session settings are moving to
environment.rb, with the same syntax:
  config.action_controller.session = { :session_domain => 'mysite.com' }

jeremy

Sorry for not being more clear:
The app can be running under numerous domains, not known while I
code. I don't want to hard code them in - I just want to tell Rails -
whatever the Host: header is, use that for the cookie domain.

That's the default. Have you tried it?

jeremy

Thanks - I was getting weird behavior and thought therefore that this
was not set properly. But I traced the behavior to something else.
(Sometimes getting confirmation of where the problem is NOT helps you
think of where the problem IS... :slight_smile: