
In my Rails 4 app, I have a form sitting on a domain that follows this format - http://dev.example.com. The action of the form is set to POST to a different domain - https://admin.example.com. In that POST, my controller action sets a cookie to sign in the current user. That is all working as expected. I can print out cookies[:remember_token] and current_user. However, when I redirect to another page on https://admin.example.com, I lose my remember_token cookie which causes my current_user lookup to fail.

Is this expected behavior for cookies? I know cookies are attached to domains, but I would think my remember_token cookie would live with the admin domain, and a redirect to the admin domain would retain the cookie. Please let me know if this question doesn't make sense and I can provide more information. Thanks in advance for any advice!

ajporterfield
  • When I view cookies in Chrome (chrome://settings/cookies), I don't see remember_token being set on either domain. If the same form starts on the https://admin.example.com, then everything is fine - cookie gets set and user stays signed in. Is Rails preventing cookies from being set while transitioning to another domain, or is it the browser? – ajporterfield Jul 14 '15 at 14:34
  • Here is a really good guide to cookie domains and all the (IE) bugs and quirks http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-domains/ – max Jul 14 '15 at 16:39
  • And here is how you set the cookie to `.example.com` http://stackoverflow.com/questions/4060333/what-does-rails-3-session-store-domain-all-really-do – max Jul 14 '15 at 16:42

1 Answer


Try to add `:domain => :all` to the session initializer:

```ruby
# config/initializers/session_store.rb
AppName::Application.config.session_store :cookie_store, :key => '_app_name_session', :domain => :all
```
Alex
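
Added example (not from the original question, comments or answer): a small Ruby model of RFC 6265 domain matching, showing which hosts receive a host-only cookie versus one scoped to `.example.com`, the value the comment above associates with `:domain => :all`. The hosts `blog.example.com` and `example.org`, the `Cookie` struct and the helper names are constructed for illustration.

```ruby
# Constructed model of browser cookie scoping (RFC 6265), not Rails code.
Cookie = Struct.new(:name, :origin_host, :domain_attr, :secure) do
  # A cookie set without a Domain attribute is "host-only".
  def host_only?
    domain_attr.nil?
  end

  # Browsers ignore a leading dot in the Domain attribute.
  def cookie_domain
    (domain_attr || origin_host).sub(/\A\./, "").downcase
  end
end

# RFC 6265 section 5.1.3: exact match, or the host is a subdomain of the cookie domain.
def domain_match?(host, cookie_domain)
  host = host.downcase
  return true if host == cookie_domain
  return false if host =~ /\A[\d.]+\z/ # IP addresses only match exactly
  host.end_with?(".#{cookie_domain}")
end

def sent_to?(cookie, scheme, host)
  return false if cookie.secure && scheme != "https"
  return host.downcase == cookie.cookie_domain if cookie.host_only?
  domain_match?(host, cookie.cookie_domain)
end

def recipients(cookie, targets)
  targets.select { |scheme, host| sent_to?(cookie, scheme, host) }
         .map { |scheme, host| "#{scheme}://#{host}" }
end

TARGETS = [
  ["http",  "dev.example.com"],
  ["https", "admin.example.com"],
  ["https", "blog.example.com"], # constructed: any other subdomain
  ["https", "example.org"]       # constructed: unrelated site
].freeze

# Cookie set by admin.example.com with no Domain attribute.
HOST_ONLY   = Cookie.new("remember_token", "admin.example.com", nil, false)
# Same origin, but scoped to the parent domain.
WIDE        = Cookie.new("_app_name_session", "admin.example.com", ".example.com", false)
# Parent-domain scope plus the Secure flag.
WIDE_SECURE = Cookie.new("_app_name_session", "admin.example.com", ".example.com", true)

[HOST_ONLY, WIDE, WIDE_SECURE].each do |c|
  puts "#{c.name} domain=#{c.domain_attr.inspect} secure=#{c.secure}: #{recipients(c, TARGETS).join(', ')}"
end
```

Scoping the session cookie to the parent domain makes it readable by every subdomain, including the plain-HTTP `dev` host, so pair it with the Secure flag when any subdomain is served over HTTP.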