3

I have my app deployed with heroku and have a SSL configured to one of my subdomain(secure.mydomain.com). I would like only order part of my app to use this ssl so in my orders controller I have a before filter to redirect the request to my secure subdomain. However all the session information is lost when it is redirected. I think because of the subdomain. How do I redirect this so that session information (cart info which is stored in db and some id information) can be retrieved. Can some one help please.

THanks KIran

Kiran
  • 33
  • 3
  • Ideally, the entire site should be available via SSL and should redirect users to the SSL version automatically. – yfeldblum Jan 05 '11 at 16:02
  • looks like my boss is having an issue setting up the entire site available via SSL. So I was trying this approach. – Kiran Jan 05 '11 at 17:12
  • also just wanted to ask if there is a preferred way to handle secure transactions in rails other than using redirecting. – Kiran Jan 05 '11 at 18:39

1 Answers1

14

In your config/intializers/session_store.rb change it to

Yourapp::Application.config.session_store :cookie_store, :key => '_yourapp_session', :domain=>:all

The secret-sauce is the domain... When set to all, cookies will be stored across all subdomains and the main domain.

Jesse Wolgamott
  • 40,197
  • 4
  • 83
  • 109
  • also just wanted to ask if there is a preferred way to handle secure transactions in rails other than using redirecting. – Kiran Jan 05 '11 at 18:35