#4818 Share session between subdomains - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#4818 ✓resolved

Share session between subdomains

Reported by Guillermo Álvarez | June 10th, 2010 @ 10:58 AM

Sessions cookies don't hace domain, so by default navigators use current HTTP_HOSTS.

If you want to share session between www.example.com and username.example.com you can't.

The next patch resolve this problem by adding a domain option in session_store initializar.

The syntax is:

  Rails.application.config.session_store :cookie_store, :key => '_app_session', :domain => :all

Comments and changes to this ticket

You flagged this item as spam.
Guillermo Álvarez June 10th, 2010 @ 11:03 AM
Here is the patch.
- add_host_option_to_cookie_session_store.patch 3.8 KB
You flagged this item as spam.
Guillermo Álvarez June 10th, 2010 @ 11:25 AM
This patch is so simple, and just cover most of the cases i know, so for most complicated cases like 3th level domain, you must be explicit. For example:

If you want to share session between *.google.co.uk you do:
```
  Rails.application.config.session_store :cookie_store, :key => '_app_session', :domain => ".google.co.uk"
```
You flagged this item as spam.
Guillermo Álvarez June 10th, 2010 @ 03:23 PM
- Tag changed from “cookie_store, session_store.rb” to “3.x, cookie_store, session_store.rb”
Repository June 10th, 2010 @ 05:05 PM
- State changed from “new” to “resolved”
(from [c4d6245e875bbb276c122a5a401422d341dac4df]) Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved]

Signed-off-by: David Heinemeier Hansson david@loudthinking.com
http://github.com/rails/rails/commit/c4d6245e875bbb276c122a5a401422...
Repository June 10th, 2010 @ 07:08 PM
(from [330a89072a493aafef1e07c3558964477f85adf0]) Revert "Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved]"

It does not work for domains like co.uk and com.br.

This reverts commit c4d6245e875bbb276c122a5a401422d341dac4df.
http://github.com/rails/rails/commit/330a89072a493aafef1e07c3558964...
Rizwan Reza June 11th, 2010 @ 03:36 PM
(from [44830ead1c88e1c45124133ce3e2ed9f890f42de]) Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved]

This reverts commit 330a89072a493aafef1e07c3558964477f85adf0.
http://github.com/rails/rails/commit/44830ead1c88e1c45124133ce3e2ed...
You flagged this item as spam.
Bryce Thornton June 19th, 2010 @ 08:44 PM
I really like this new ":domain => :all" option, but I'm getting a "ActionController::InvalidAuthenticityToken" exception when trying to use it. Everything works fine when specifying the domain directly.
You flagged this item as spam.
iGEL September 7th, 2010 @ 07:35 PM
Here is a list of all domains with several levels (like .co.uk): http://publicsuffix.org/ It's maintained by the Mozilla Project.
You flagged this item as spam.
Fjan December 2nd, 2010 @ 04:34 PM
This patch doe produce a cookie that doesn't conform to specs if the host you are accessing is "localhost" or an IP address. The browsers I tried don't seem to care about this but Unix' wget will complain about it.