5

I have a rails app which supports multiple domains and each domain may have multiple subdomains.

Users visiting mydomain1.com do not receive the same experience as mydomain2.com (although the base behaviour of the apps is the same)

Therefore, if a user is logged in to mydomain1.com, it shouldn't then be logged in to mydomain2.com

If a user is logged in to france.mydomain1.com, it should then be logged in to germany.mydomain1.com

Previously, I've handled this by setting the domain in the session store configs:

MyApp::Application.config.session_store :cookie_store, :key => '_MyApp_session', :domain => APP_CONFIG[:domain]

I'm trying to work out the best way to handle this with multiple domains?

I've tried hacking around ActionDispatch::Callback but the request is not available from within there.

Can anybody suggest a good way of supporting multiple cookies from within one app?

Ideally I'd like to create a fresh cookie for each subdomain.

Improve this question
2
  • Have you tried it yet? It shouldn't be an issue since cookies are only valid for the domain that set them. I have a similar setup with no problems. Commented May 17, 2011 at 8:17
  • I haven't tried it in a live setup yet... I need to edit my question though as there's more to the problem. Commented May 17, 2011 at 8:25

2 Answers 2

Reset to default
5

You should do that:

class ActionDispatch::Session::MultiDomainStore < ActionDispatch::Session::CookieStore
  def initialize(app, options = {})       
    super(app, options.merge!(:domain => compute_domain(app)))      
  end

  def compute_domain(app)
    ...
  end
end

MyApp::Application.config.session_store :multi_domain_store, :key => '_MyApp_session'

I.e. your domain should start with the dot.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I can't specify just one domain - the app should support many domains and many subdomains
Then you should create custom session store. See updated answer
2

It shouldn't be an issue as cookies are only valid per domain. You can have a _MyApp_session for example1.com and one for example2.com. The cookies are managed by the browser and only sent to the host if the domain matches.

Say you visit example1.com and log in and you will get a cookie with the value abcdef123. Then you log into example2.com and you will get another cookie with a random string uvwxyz890.

If you return to example1.com later, the browser will only send the cookies that are valid for this domain to your app. Your app won't have to manage anything and you don't have to hack anything.

Improve this answer

1 Comment

The problem is that I want cookies to be shared across each subdomain - but not each domain.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.