Dear list,
the Rails app, I''m currently working on will run on more than one
domain (e.g.
example.com and example.org) and uses subdomains for different projects. To
implement cross-project logins, I''d like the session cookie to cover
the
whole current domain (e.g. .example.com if somebody visits foo.example.com or
bar.example.com, but .example.org if somebody visits foo.example.org).
I know how to configure the session cookie application-wide (by using the
session() class method in a controller), but how can I modify the session
cookie settings for each request? There doesn''t seem to be instance
methods
to do so.
I don''t think that modifying global settings in an action (like
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(...) ) is a good
idea. It probably works in a development environment, but I suppose it will
break when running in a production environment (where classes are not
reloaded and class methods may affect other more than one request).
Somewhere on the web, I found a posting that recommended to override the
_session_id cookie by setting it via cookies[''_session_id''] =
{ ... }.
However this did not work for me - the result contained an HTTP header with
two _session_id cookies (one from the session plus the one I created
manually, both having the same cookie name)
I''d appreciate any ideas :-)
regards,
Andreas Neuhaus
((api.rubyonrails))
---------------
All the option symbols for setting cookies are:
* value - the cookie’s value or list of values (as an array).
* path - the path for which this cookie applies. Defaults to the
root of the application.
* domain - the domain for which this cookie applies.
* expires - the time at which this cookie expires, as a Time object.
* secure - whether this cookie is a secure cookie or not (default to
false). Secure cookies are only transmitted to HTTPS servers.
-----------------
maybe it''s possible to get around the problem using the options expires
(setting some session functionette..?) and domain.
not sure if this may remotely help, but if it does, ...
harp
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---
> All the option symbols for setting cookies are:: :> maybe it''s possible to get around the problem using the options expires > (setting some session functionette..?) and domain. > not sure if this may remotely help, but if it does, ...Unfortunately that doesn''t help. I need to modify session options within an action. It looks like this is not (directly) supported by rails. I tried to modify request.session_options in a before_filter, but that didn''t work. I suppose these session_options are only used when rails creates the session object and within an action, the session object does already exist. And as told in my last posting, I don''t like the idea to modify ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS, because I''m concerned about creating a race condition in production environments (where those default options are shared among multiple requests) However, this morning I found a way that works for me. I used the :if parameter of the class method session() to modify the session_domain depending on the current request: DOMAINS = [''example.com'', ''example.org''].freeze DOMAINS.each do |domain| session :session_domain => ".#{domain}", :if => lambda { |request| request.host.dup.chomp!(domain) } end This looks a bit complicated, but seems to be the only clean way. regards, Andreas Neuhaus