Rails: how to retain session when redirecting to canonical domain (e.g. company.example.com -> example.com)

Question

Rails 3.2.12, ruby 1.9.3

We allow users to specify the company they are with using a subdomain, like mycompany.example.com, but we redirect to the canonical example.com and need to remember that the user is from mycompany.

We have our environment set up so the config.session_store contains :domain => 'example.com (an alternative that also works is :domain => :all, :tld_length => 2) and this is supposed to work to allow sharing of session information between subdomains. There are a number of great posts, such as this one: Share session (cookies) between subdomains in Rails?

But before the redirect I am sending session.inspect to the log, and it's clearly getting a different session (two separate session ids, etc.). So the most basic issue is that I cannot use the session to remember the mycompany part before I strip it off.

I can work around that, but there are a number of cases where the same user will be from multiple companies (and part of this is our support team who needs to be able to switch companies).

I have tried this on Chrome and Safari on OS X. I am using "pow" so my local development environment has a domain like example.dev which helps rule out several issues (vs. normal localhost:3000 server).

Am I missing something? Is it indeed possible to share a cookie across domains?

UPDATE:

Example code called in a before_filter defined in ApplicationController:

def redirect_to_canonical_if_needed
  logger.debug "Starting before_filter. session contains: #{session}"
  if request.host != 'example.com'
    session[:original_domain] = "Originally came from #{request.host}"
    logger.debug "Redirecting, session contains: #{session}"
    redirect_to 'http://example.com', :status => :moved_permanently
  end
end

Setting added to config/environments/production.rb and removed from config/initializers/session_store.rb

  config.session_store = { :key => 'example_session', :secret => "secret", :domain => :all, :tld_length => 2 }

or

  config.session_store = { :key => 'example_session', :secret => "secret", :domain => 'example.com' }

And logging result, if I start from a fresh environment where no session exists going to the url a.example.com:

Starting before_filter, session contains: {}
Redirecting, session contains: {"session_id"=>"4de9b56fb540f7295cd3192cef07ba63", "original_domain"=>"a.example.com"}
Filter chain halted as :redirect_to_canonical_if_needed rendered or redirected
Completed 301 Moved Permanently in 2294ms (ActiveRecord: 855.7ms)
Started GET "/" for 123.456.789.123 at 2013-07-12 09:41:12 -0400
Processing by HomeController#index as HTML
  Parameters: {}
Starting before_filter, session contains: {}

So the before filter fires on each new request. First request there's no session, hence the "not loaded" message. The test for need to redirect is true. I put something in the session and it gets an id and what I put in it. I do the redirect. New request occurs on the root domain, before filter fires again, and here's the issue: session is not initialized

Answer 1

This should work fine between the two I have setup the following on my dev

Application is at example.dev

I view and set a session variable at a.example.dev then visit b.example.dev and it is set as long as when (as you describe) you set domain to 'example.dev' for the session store

This code in my root controller/action does exactly what your describing

unless request.subdomain.to_s == 'another'
  session[:original_domain] = request.subdomain.to_s
  redirect_to 'http://another.' + request.domain.to_s  
end

And viewing original_domain is available in the session

If you put the example code in I can have a look for any pitfalls