Session Cookie & Domains

Is there a way to tell Rails to always use the full domain for the
session cookie? This is necessary if you want to allow people to be
logged in to both and with separate

Use the session class method in your controller to set session options:

The options are described here:

So, in ApplicationController:
  session :session_domain => ''

Note that after 1.2 the main session settings are moving to
environment.rb, with the same syntax:
  config.action_controller.session = { :session_domain => '' }


Sorry for not being more clear:
The app can be running under numerous domains, not known while I
code. I don't want to hard code them in - I just want to tell Rails -
whatever the Host: header is, use that for the cookie domain.

That's the default. Have you tried it?


Thanks - I was getting weird behavior and thought therefore that this
was not set properly. But I traced the behavior to something else.
(Sometimes getting confirmation of where the problem is NOT helps you
think of where the problem IS... :slight_smile: