session problem with multiple domains, subdomains in rails 1.2.3

I was struggling with handling sessions in my application.

My application contains 2 different domains and subdomains pointing to the same application and the same database, running under production (Rails 1.2.3). I have the domains www.domain1.com, www.domain2.com, www.sub1.domain2.com, www.sub2.domain2.com etc., and all subdomains will be created under www.domain2.com only. Here I was facing a problem with sessions and was unable to log in to the application under any domain/subdomain. I googled for many hours and included this line in config/environments/development.rb / production.rb:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_domain => '.domain2.com')

This was working fine for www.domain2.com, www.sub1.domain2.com, www.sub2.domain2.com etc.

It is not working for www.domain1.com; I am unable to log in under this domain.

How can we handle sessions for different domains, including subdomains? Is there a solution for my problem? I hope you understand the issue!

thanks, sri...

So, before we start - there is a far more elegant solution for Rails 2.x - and I just want to say that you should upgrade and use the @:secret@ option to generate the same @session_id@ for each domain.

The problem for you is that sessions depend on cookies, and browsers (rightly) have restrictions on sending and storing cookies that are not from the domain they are on. So when a browser visits domain1.com and you send them a cookie for domain2.com then the browser will just be ignoring the cookie (worse, some browsers might even pop up a security warning).

The solution is to move the @:session_domain@ setting out into your ApplicationController so it's not hard coded for the whole app, and then set it in a @before_filter@ for each request.

So the code for your ApplicationController will be something like this:

class ApplicationController < ActionController::Base
  before_filter :set_session_domain
  # Set the session cookie's domain from the host of the current request
  def set_session_domain
    self.class.session_options[:session_domain] = request.domain
  end
end

Note: you will end up with a cookie for the subdomain as well as for the domain, but it will contain the same session_id as the domain one, and so it will map to the same session, so you won't really care which one is which.
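The cookie rule described in the reply above, as an added Ruby example that is not part of the original posts: a browser only keeps a cookie whose Domain attribute the requesting host domain-matches (RFC 6265), which is why a fixed .domain2.com never works on www.domain1.com. ALLOWED_DOMAINS, session_domain_for and the other names are hypothetical; picking the cookie domain from an allowlist instead of directly from the request host is an assumption added here, because the host name is supplied by the client.

```ruby
require 'ipaddr'

# Constructed allowlist and host list, using the thread's placeholder names (assumption).
ALLOWED_DOMAINS = %w[domain1.com domain2.com].freeze
HOSTS = %w[www.domain1.com www.domain2.com www.sub1.domain2.com www.sub2.domain2.com].freeze

def ip_address?(host)
  IPAddr.new(host)
  true
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  false
end

# RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain, or
# is a hostname (not an IP address) that ends with "." + domain.
def domain_match?(host, cookie_domain)
  host = host.downcase
  domain = cookie_domain.downcase.sub(/\A\./, '') # a leading dot is ignored
  return true if host == domain
  return false if ip_address?(host)
  host.end_with?(".#{domain}")
end

# Hosts on which a browser would keep a Set-Cookie carrying this Domain value;
# on every other host the cookie is ignored and each request starts a new session.
def accepted_hosts(hosts, cookie_domain)
  hosts.select { |h| domain_match?(h, cookie_domain) }
end

# Cookie Domain to use for one request: the allowlisted domain the host belongs
# to, or nil (leave the cookie host-only) for a host that is not recognised.
def session_domain_for(request_host)
  host = request_host.to_s.downcase.sub(/:\d+\z/, '') # drop a port such as :3002
  match = ALLOWED_DOMAINS.find { |d| domain_match?(host, d) }
  match && ".#{match}"
end

if __FILE__ == $PROGRAM_NAME
  puts "Domain=.domain2.com is kept on: #{accepted_hosts(HOSTS, '.domain2.com').join(', ')}"
  HOSTS.each { |h| puts "#{h} -> #{session_domain_for(h).inspect}" }
end
```

In a before_filter like the one in the reply, the return value of such a function would take the place of request.domain.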

Hi Jason, thanks a lot for the solution. This is working well for all except for www.domain2.com.

In Firefox only, I was unable to log in on www.domain1.com and www.domain2.com, while logging in successfully on subdomains (sub1.domain2.com, sub2.domain2.com).

Sometimes, when I clear tmp/sessions and restart, I am able to log in the first time; after I log out and log in again, it does not work!

And in tmp/sessions I was observing too many session files being created when login fails!

Log file when the form submits:

Processing AccountController#login (for at 2009-02-23 13:18:23) [POST]
  Session ID: e345bf14a03bc2686b83b7cd1daa1f55
  Parameters: {"action"=>"login", "controller"=>"account", "add_user.x"=>"0", "login"=>"srinath@domain2.com", "password"=>"user", "add_user.y"=>"0"}
Asked for a remote server ? true, ENV["FERRET_USE_LOCAL_INDEX"] is nil, looks like we are not the server
Will use local index.
using index in ./script/../config/../index/development/user
  User Columns (0.000744)   SHOW FIELDS FROM users
default field list: [:password, :activated_at, :updated_at, :company, :status, :login, :lname, :fname, :customer_name, :activated, :customer_id, :created_at, :salt]
  User Load (0.000119)   SELECT * FROM users WHERE (login = 'srinath@domain2.com') LIMIT 1
  Customer Columns (0.000815)   SHOW FIELDS FROM customers
  Customer Load (0.000090)   SELECT * FROM customers WHERE (customers.id = 1)
  User Load (0.000148)   SELECT * FROM users WHERE (users.login = 'srinath@domain2.com') LIMIT 1
  Customer Load (0.000080)   SELECT * FROM customers WHERE (sub_domain = NULL and status = 1) LIMIT 1
  UserLogrecord Columns (0.000597)   SHOW FIELDS FROM user_logrecords
  SQL (0.000064)   BEGIN
  SQL (0.000246)   INSERT INTO user_logrecords (login_logout, customer_id, last_updated, user_id) VALUES(1, 1, '2009-02-23 13:18:23', 1)
  SQL (0.007792)   COMMIT
Redirected to http://domain2.com:3002/home
Completed in 0.05395 (18 reqs/sec) | DB: 0.01069 (19%) | 302 Found [http://domain2.com/account/login]

Processing HomeController#home (for at 2009-02-23 13:18:23) [GET]
  Session ID: 59281e5105245632a8589e38b3a7ec7c
  Parameters: {"action"=>"home", "controller"=>"home"}
  Customer Load (0.000139)   SELECT * FROM customers WHERE (sub_domain = NULL and status = 1) LIMIT 1
Redirected to http://domain2.com:3002/login
Filter chain halted as [#] returned false.
Completed in 0.00662 (151 reqs/sec) | DB: 0.00014 (2%) | 302 Found [http://domain2.com/home]

Do you have any idea?

thanks, sri..!
