Removing Session Cookies across Multiple Subdomains in Rails 3

I am creating a Rails application that works like Wufoo. When you register, you get a subdomain, and you can enter the home page. The application works, so when you log in, you are redirected to your subdomain. The problem is that I cannot delete a session in both domains. If you access the site (username.myapp.com), it remains included in (myapp.com) and vice versa.

Right now I'm using session[:user_id] = nil to delete a session. Is there a way to delete all sessions in all domains?

In addition, I attached :domain => :all to my session_store.rb file so that I can log in through several subdomains.

+7
1 answer

The key is really how you set the session cookie, because you cannot delete the subdomain cookie (username.myapp.com) from the top level domain (myapp.com). To solve this problem, you want all of your shared session cookies to be set in the myapp.com domain. To do this, configure the sessions as follows:

 Rails.application.config.session_store :cookie_store, :domain => 'myapp.com' 

That way, when you destroy the session (session[:id] = nil), you delete the shared cookie. I believe that you will also have to delete the session using session[:id] instead of session[:user_id].

+6
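Why the cookie's domain scope decides whether a logout takes effect everywhere, as an added example that is not part of the original question or answer: a simplified Ruby model of how a browser stores and matches cookies (RFC 6265 name and domain rules, path fixed to "/"). The CookieJar class, the logout_scenario helper and the _myapp_session cookie name are constructed for illustration.

```ruby
# Simplified browser cookie jar: cookies are keyed by name + domain (path fixed to "/").
# Constructed example; hostnames follow the question, the cookie name is made up.
Cookie = Struct.new(:name, :domain, :host_only)

class CookieJar
  def initialize
    @cookies = []
  end

  # Handle a Set-Cookie from `host`; `domain` is the Domain attribute (nil if absent).
  # expired: true models the server clearing the cookie.
  def set(host, name, domain: nil, expired: false)
    host_only = domain.nil?
    domain = (domain || host).downcase.sub(/\A\./, '')
    return false unless domain_match?(host, domain) # browsers reject foreign domains
    # Only the cookie with the same name AND domain is replaced or removed.
    @cookies.reject! { |c| c.name == name && c.domain == domain }
    @cookies << Cookie.new(name, domain, host_only) unless expired
    true
  end

  # Names of the cookies the browser would send on a request to `host`.
  def sent_to(host)
    @cookies.select { |c| c.host_only ? c.domain == host.downcase : domain_match?(host, c.domain) }.map(&:name)
  end

  private

  def domain_match?(host, domain)
    host = host.downcase
    host == domain || host.end_with?(".#{domain}")
  end
end

# Log in on the subdomain, log out on the top-level domain, then report
# which cookies are still sent to the subdomain.
def logout_scenario(shared:)
  opts = shared ? { domain: 'myapp.com' } : {}
  jar = CookieJar.new
  jar.set('username.myapp.com', '_myapp_session', **opts)
  jar.set('myapp.com', '_myapp_session', expired: true, **opts)
  jar.sent_to('username.myapp.com')
end

p logout_scenario(shared: false) # => ["_myapp_session"]  host-only cookie survives the logout
p logout_scenario(shared: true)  # => []                  shared cookie is cleared everywhere
```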