Subdomain cookie sharing in Rails 3 is not working (on Heroku)?

Question

I'm trying to have cookies on my site dapshare.com work for both the root address and the 'www' subdomain.

A lot of other stackoverflow answers (and the great Railscasts vid on this topic) have suggested adding this line to session_store.rb:

Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => :all

This doesn't seem to make a difference: if I log in at dapshare.com, I still am not logged in at www.dapshare.com.

Am I doing something wrong here? I am using the following code to store information in the cookie:

cookies.permanent.signed[:thing_to_store] = store_information

Thanks for any help!

Answer 1

You can actually just specify your cookies using domain => :all instead of domain => '.dapshare.com' in Rails 3.1 +:

cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => :all}

This more flexible than outright specifying a string domain. Now your application won't break on a different production domain.

Answer 2

Short answer: using the 'cookies[:new_cookie] =' does not seem to grab the domain from the session_store config settings.

I added the :domain to the new cookie and it now works:

cookies.permanent.signed[:new_cookie] = {:value => new_value, :domain => ".dapshare.com"}

For anyone else reading, you also need to specify the domain when deleting the cookie

cookies.delete :new_cookie, :domain => ".dapshare.com"

(Thanks for your help with diagnosis Andrew Marshall.)

Answer 3

I encountered this issue, when passing :all doesn't seems to work properly. If you want to use only for subdomains try the following:

Dapshare::Application.config.session_store :cookie_store, :key => '_dapshare_session', :domain => '.dapshare.com'