2

I have found numerous posts that describe how to do this. They all look something like putting this in the appropriate environment config file:

config.action_controller.session[:domain] = '.localhost'

However, if I do this then trying to sign in (I am using devise) fails with:

ActionController::InvalidAuthenticityToken

I see others posting the same problem (to the comments section of the various blogs offering the advice to set session[:domain]) but I haven't found a case where anybody has answered the question about why that is happening and how to fix it.

Any ideas?

aNoble
  • 7,033
  • 2
  • 37
  • 33
eksatx
  • 1,023
  • 2
  • 10
  • 15

2 Answers2

1

I'm not sure if this is related to your problem, but are you trying to set the session domain to just '.localhost'? This won't work as it effectively a top-level domain that you are trying to set a cookie for.

See http://www.ruby-forum.com/topic/181650#794923

lukerandall
  • 2,201
  • 17
  • 29
1

I have this snippet in config/initializers/set_session_domain.rb:

module ActionControllerExtensions
  def self.included(base)
    base::Dispatcher.send :include, DispatcherExtensions
  end

  module DispatcherExtensions
    def self.included(base)
      base.send :before_dispatch, :set_session_domain
    end

    def set_session_domain
      domain = @env['HTTP_HOST'].gsub(/:\d+$/, '').gsub(/^[^.]*/, '')
      @env['rack.session.options'].update :domain => domain
    end
  end
end

ActionController.send :include, ActionControllerExtensions

Everything works pretty nice.

Voldy
  • 12,829
  • 8
  • 51
  • 67