RAILS/DEVISE - Setting a devise cookie to persist across different subdomains

Question

I use devise for authentication and want the following to work:

1. User logs in at [http://mydomain.com].
2. The user makes a payment at [https://secure.mydomai

Answer 1

I may be a little late to this, but for those looking in the future, it's a fairly easy solution. Add this to your environment's config file:

Rails3App::Application.config.session_store :cookie_store, :key => '_rails3_app_session', :domain => :all
# change "Rails3App" to the name of your rails app.

The important part of that is :domain => :all, since that tells Rails to allow subdomains as well. Others have suggested using :domain => ".mydomain.com", but :domain => :all does the job and doesn't require you to put in your domain name.

Note: if it doesn't work when you restart the server, you probably have a session_store.rb file in your initializers/ folder that is overriding it. Just change the line in that file, or remove that file and move it to your config.

Also, I had to specifically place the line in my production.rb file since changing it in the session_store.rb file broke my sessions for development (using the IP address).

Answer 2

Addendum: if it still doesn't work although you're pretty sure you deleted your old cookies, rename the cookie's key – just to make sure. (after hours of troubleshooting, this was all I really had to do to make it work.)