Hi all, I''m having a problem and I don''t even know it it *is* fixable, let along how to fix it. I have a section of my site which redirects to an HTTPS connection to a different subdomain, so that users can safely make a payment. The redirection works fine, and the payment process runs as expected, but when the user returns to an http:// connection they are logged out. It seems that the session cookie isn''t being sent. The situation is like this: protocol: HTTP -> HTTPS -> HTTP session: OLD -> OLD -> NEW Now, I have my cookies set up to persist across subdomains, and that works across the rest of the site, however as I say on returning from an https connection, no cookie is sent by the browser and therefore a new session is created. Is there some way I can set up cookies to persist across HTTPS *and back*? What''s surprising is that there''s no problem with the switch *TO* HTTPS Thanks, Gareth --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Gareth Adams wrote:> > Hi all, > > I''m having a problem and I don''t even know it it *is* fixable, let along how to > fix it. > > I have a section of my site which redirects to an HTTPS connection to a > different subdomain, so that users can safely make a payment. The redirection > works fine, and the payment process runs as expected, but when the user returns > to an http:// connection they are logged out. It seems that the session cookie > isn''t being sent. > > The situation is like this: > > protocol: HTTP -> HTTPS -> HTTP > session: OLD -> OLD -> NEW > > Now, I have my cookies set up to persist across subdomains, and that works > across the rest of the site, however as I say on returning from an https > connection, no cookie is sent by the browser and therefore a new session is > created. > > Is there some way I can set up cookies to persist across HTTPS *and back*? > What''s surprising is that there''s no problem with the switch *TO* HTTPS >I have a similar setup but am not seeing this problem. How are you redirecting from HTTPS to HTTP? Are you forcing HTTP using mod_rewrite? Long --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Hi Gareth - Try this: ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update( :session_domain => ''.example.com'') It will maintain your session across anything with ''.example.com'' . Cheers Starr --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
One more thing - looking at the rails wikki, it seems as if some people can''t get it to work without omitting the ''.'' from the domain name. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Starr wrote:> > Hi Gareth - > > Try this: > ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update( > :session_domain => ''.example.com'') > > It will maintain your session across anything with ''.example.com'' . >I will add that I''d place the code-snippet in environment.rb (there may be other suitable locations) and only enable for ''production''. If you enable in development (WEBrick) you will quickly find sessions unusable. Long --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
That''s a good heads up, Long. - Thanks Starr --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Starr wrote:> > That''s a good heads up, Long. - Thanks >You''re welcome. The issue might come up later so I''d though I should mention it. Cheers, Long --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---