Rails 3, no local cookie with: domain =>: all

Question

Rails 3, no local cookie with: domain =>: all

I have a Rails3 application that uses subdomains. To allow inputs, etc. Work in all subdomains, I do this in config/initializers/session_store.rb

 MyApp::Application.config.session_store :cookie_store, :key => '_myapp_session', :domain => :all

When I deploy my application to Heroku, this works fine. I can log in and log in through subdomains.

However, with local development, this does not work.

My browser set the session cookie correctly:

 $ curl http://test.lhs.com/users/sign_in ... Set-Cookie: _myapp_session=BAh...3ed; domain=.lhs.com; path=/; HttpOnly ...

However, my browser (I tried Safari, FireFox and Chrome) did not set this cookie. So, when I log in, I get an InvalidAuthenticityToken error.

I tried to remove the :domain => :all that correctly set the session cookie, but only for the current subdomain. If it is explicitly specified like this :domain => '.lhs.com' does not set a cookie either.

I don’t get it here. Why does it work in production on the hero, but not locally. I even tried different servers (Webrick with rails server and individually for passengers). I also tried working locally on port 80 instead of 3000, but that doesn't matter either.

Any hints why the session cookie is not set locally? Thanks!

+4

cookies ruby-on-rails-3 heroku

Ariejan Nov 17 '10 at 10:34

source share

4 answers

When the :domain => :all option is set in Rails 3.0.3, local session cookies do not seem to be set unless you specify a top-level domain in the browser. This can be designed, although I do not see any documentation in any way.

Thus, your session will fail when you visit localhost, but it should be installed normally in mylaptop.local. ".local" seems to satisfy the requirement for TLD.

+3

Zipflash Dec 21 '10 at 0:15

source share

There is an error in Rails where :domain => :all violated when visiting the site as localhost or IP address:

https://rails.lighthouseapp.com/projects/8994/tickets/6002-patch-ignore-domain-all-option-if-host-is-ip-address-or-localhost

It seems that the patch has been sent, but from this page I can’t say whether it is included in any releases.

As you find out, the solution is to edit / etc / hosts to include something like localhost.localdomain or something other than a bare host name (like lhs.me).

+2

Paul a jungwirth Jul 20 '12 at 15:09

source share

In config / intializers / session_store.rb set your domain to use all subdomains

 Your::Application.config.session_store :cookie_store, :key => '_example.com_session', :domain => ".lvh.me"

Be sure to specify . before the host name.

+1

Steven zeiler Dec 6 '12 at 20:36

source share

Ariejan · Accepted Answer · 2010-11-17T19:19:34+0000

I'm not sure what the problem is, but I changed 'lhs.com' to 'lhs.me' and moved it below the official definition of the local host in my hosts file. Not everything works like a charm.

Rails 3, no local cookie with: domain =>: all

More articles: