I have a Rails 6.1 application that previously served assets from /assets (asset_host was unset).
Recently I've changed the asset_host to use //assets<X>.example.com/ where X would be a random number between 1 and 10:
config.action_controller.asset_host = Proc.new { |source, request|
  request.nil? ? "" : "//assets#{rand(1..10)}.#{request.domain}/"
}
My session store configuration is set to ActiveRecord:
Rails.application.config.session_store :active_record_store, :key => '_app_session', :expire_after => 7.days
Now I see that each hit to one of these subdomains gets a different cookie set which basically means Rails is starting a session for each asset host, which is bad (sessions table at 2M at this point).
Since I'm using Passenger with Apache I have also set it up to serve assets on the web server rather than going through Passenger:
<Location "^/assets/.+$">
  PassengerEnabled Off
</Location>
... apparently this is not working since the cookies do get set.
In fact, I'm not even able to see where the asset cookies get set, because none of the asset responses contain Set-Cookie headers (tried 3 browsers, cleared caches, tried incognito, tried different computers).
Why and how is this sorcery happening and how do I get it to use the same cookie set for the main subdomain www.example.com or root example.com without hardcoding the domain name (it's a multi-tenant app serving multiple domains)?
example.co.uk or elpmaxe.com.au?
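The cookie-scoping rule behind the question, as an added example that is not part of the original post: it applies RFC 6265 domain matching to show which of the ten asset hosts a browser would send `_app_session` to, for a host-only cookie versus one carrying a `Domain` attribute. The cookie values, the `www.example.com` origin and all helper names are constructed for illustration.

```ruby
# Added example, not code from the post. Hostnames and cookie values are constructed.

# RFC 6265 section 5.1.3 domain-match: host equals the domain or is a subdomain of it.
# (IP-address hosts and the public-suffix check browsers also apply are not modelled.)
def domain_match?(host, domain)
  host = host.downcase
  domain = domain.downcase.sub(/\A\./, "")
  host == domain || host.end_with?(".#{domain}")
end

# Turn one Set-Cookie header received from origin_host into a scope record.
# Returns nil when the Domain attribute does not cover the origin (browser rejects it).
def cookie_scope(origin_host, set_cookie)
  pair, *attrs = set_cookie.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  domain_attr = attrs.map { |a| a.split("=", 2) }
                     .find { |k, _| k&.casecmp?("domain") }&.last
  return nil if domain_attr && !domain_match?(origin_host, domain_attr)
  { name: name, value: value, host_only: domain_attr.nil?,
    domain: (domain_attr || origin_host).downcase.sub(/\A\./, "") }
end

# Would a browser attach this cookie to a request for request_host?
def sent_to?(cookie, request_host)
  host = request_host.downcase
  cookie[:host_only] ? host == cookie[:domain] : domain_match?(host, cookie[:domain])
end

# Hosts that would reach the server without the cookie attached.
def hosts_without_cookie(cookie, hosts)
  hosts.reject { |h| sent_to?(cookie, h) }
end

ASSET_HOSTS = (1..10).map { |n| "assets#{n}.example.com" } # same pattern as the asset_host proc
HOST_ONLY = cookie_scope("www.example.com", "_app_session=abc123; path=/; HttpOnly")
WIDE = cookie_scope("www.example.com", "_app_session=abc123; domain=example.com; path=/; HttpOnly")

if __FILE__ == $PROGRAM_NAME
  puts "host-only cookie missing on #{hosts_without_cookie(HOST_ONLY, ASSET_HOSTS).size} of 10 asset hosts"
  puts "Domain=example.com cookie missing on #{hosts_without_cookie(WIDE, ASSET_HOSTS).size} of 10 asset hosts"
end
```

A cookie scoped with `Domain` is sent to every subdomain of that domain, so in a multi-tenant deployment the scope decides which hosts can read the session identifier.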