infoarts-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Feb-22 05:35 UTC
SSL Certificate and cookies
Hi there

I have an SSL Certificate issued for mydomain.com (not www.mydomain.com)

I'm stuck with the scenario where a user visits www.mydomain.com and logs in so that a cookie is set by www.mydomain.com

Then they go to checkout and are redirected to https://mydomain.com - now they are not seen as logged in as the cookie was issued by www.mydomain.com not mydomain.com and so are then getting redirected to the login page.

I'm using acts_as_authenticated and all is fine except for this issue. Any clues would be appreciated.

Richard

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
If it were me, I'd force my web server or proxy to redirect all www.domain.com requests to domain.com. It's fairly easy. For instance, this is how you do it using nginx:

    # redirect www to non-www (for cookies)
    if ($host != 'domain.com') {
        rewrite ^/(.*)$ http://domain.com/$1 permanent;
    }

Of course, you'd want to add logic so that you're not redirecting your SSL traffic to a non-SSL host ... but you get the drift.

Hope that helps...

-Chris

On Feb 21, 11:35 pm, infoa...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> Hi there
>
> I have an SSL Certificate issued for mydomain.com (not www.mydomain.com)
>
> I'm stuck with the scenario where a user visits www.mydomain.com and
> logs in so that a cookie is set by www.mydomain.com
>
> Then they go to checkout and are redirected to https://mydomain.com -
> now they are not seen as logged in as the cookie was issued by www.mydomain.com
> not mydomain.com and so are then getting redirected to the login page.
>
> I'm using acts_as_authenticated and all is fine except for this issue.
> Any clues would be appreciated.
>
> Richard
infoarts-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> I have an SSL Certificate issued for mydomain.com (not www.mydomain.com)
>
> I'm stuck with the scenario where a user visits www.mydomain.com and
> logs in so that a cookie is set by www.mydomain.com
>
> Then they go to checkout and are redirected to https://mydomain.com -
> now they are not seen as logged in as the cookie was issued by www.mydomain.com
> not mydomain.com and so are then getting redirected to the login page.

You can set the domain for your session cookie to be ".mydomain.com", thus, regardless of the subdomain, session state will be kept. A simple way would be to add this line to your production.rb:

    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_domain => ".mydomain.com")

Zsombor
--
Company - http://primalgrasp.com
Thoughts - http://deezsombor.blogspot.com
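
The cookie scoping behind both replies, as an added example that is not part of the original thread: a Ruby model of RFC 6265 domain matching showing why a host-only cookie set by www.mydomain.com is not sent to mydomain.com, and which hosts receive it once Domain=.mydomain.com is set. The cookie name and the other.mydomain.com and notmydomain.com hosts are constructed for illustration, and the browser's public-suffix check is not modelled.

```ruby
require "ipaddr"

# A cookie as the browser stores it. host_only is true when Set-Cookie
# carried no Domain attribute (RFC 6265, section 5.3).
StoredCookie = Struct.new(:name, :domain, :host_only)

def ip_address?(host)
  IPAddr.new(host)
  true
rescue ArgumentError # IPAddr::Error is a subclass
  false
end

# RFC 6265 section 5.1.3: identical strings, or host ends with "." + domain
# and host is not an IP address.
def domain_match?(host, domain)
  host = host.downcase
  host == domain || (host.end_with?(".#{domain}") && !ip_address?(host))
end

# Model what the browser stores for a Set-Cookie from origin_host.
# Returns nil when the Domain attribute does not cover the setting host.
# The public-suffix check real browsers also apply is not modelled.
def store_cookie(name, origin_host, domain_attr = nil)
  origin = origin_host.downcase
  return StoredCookie.new(name, origin, true) if domain_attr.to_s.empty?

  domain = domain_attr.downcase.sub(/\A\./, "") # leading dot is ignored
  return nil unless domain_match?(origin, domain)

  StoredCookie.new(name, domain, false)
end

def cookie_sent?(cookie, request_host)
  host = request_host.downcase
  cookie.host_only ? host == cookie.domain : domain_match?(host, cookie.domain)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed hosts and cookie name, for illustration only.
  hosts = %w[www.mydomain.com mydomain.com other.mydomain.com notmydomain.com]
  { "no Domain attribute" => nil, "Domain=.mydomain.com" => ".mydomain.com" }.each do |label, attr|
    cookie = store_cookie("_session_id", "www.mydomain.com", attr)
    hosts.each { |h| puts format("%-22s %-20s sent=%s", label, h, cookie_sent?(cookie, h)) }
  end
end
```

With the Domain attribute set, the session cookie goes to every host under mydomain.com, so each of those hosts has to be trusted with the session.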