Session isn't passing over domain

Question

In my rails app, when I log in at the www.site.com address, I am logged in just fine. Although without logging out, I go to the site, http://site.com I am logged out, but still logged in at the www.site.com address if I go back.

I can't find anything to set in my environment variables, any idea as to how to keep this session across all domains on my domain?

Answer 1

In rails 2.3 this has been changed to:

config.action_controller.session[:domain] = '.example.com'

or if the session variable hasn't been created yet

config.action_controller.session = {:domain => '.example.com'}

See Losing session in rails 2.3.2 app using subdomain

Answer 2

When you set a session cookie for "site.com", that will be different than "www.site.com." You need to specify the "cookie_domain" as ".site.com" which will set the cookie or all subdomains as well. In PHP, you could use ini_set or session_set_cookie_params to set session.cookie_domain. In Rails, you can either add a small script to the enviroment.rb - something like:

ActionController::Base.session_options[:session_domain] = '.site.com'

(in this case you might also do some switching based on the domain name in production/test/development env's) or try some other configuration options.

Here's more than you'd ever want to know on the subject.

Answer 3

You should redirect www.site.com to site.com (or the other way around). If you don't do that, google may think it's two different sites.

Answer 4

since they alias www. to .; couldn't you just prepend www. onto the .?

Answer 5

Set the session cookie properly; that is, for .site.com and site.com rather than just for www.site.com.