Took out the domain option logic to cookies.rb.

actionpack/lib/action_dispatch/middleware/cookies.rb

@@ -45,7 +45,15 @@ def cookie_jar
   # * <tt>:value</tt> - The cookie's value or list of values (as an array).
   # * <tt>:path</tt> - The path for which this cookie applies.  Defaults to the root
   #   of the application.
-  # * <tt>:domain</tt> - The domain for which this cookie applies.
+  # * <tt>:domain</tt> - The domain for which this cookie applies so you can 
+  #   restrict to the domain level. If you use a schema like www.example.com 
+  #   and want to share session with user.example.com set <tt>:domain</tt>
+  #   to <tt>:all</tt>
+  #
+  #     :domain => nil  # Does not sets cookie domain. (default)
+  #     :domain => :all # Allow the cookie for the top most level
+  #                       domain and subdomains.
+  #
   # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
   # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
   #   Default is +false+.
@@ -54,13 +62,22 @@ def cookie_jar
   class Cookies
     HTTP_HEADER = "Set-Cookie".freeze
     TOKEN_KEY   = "action_dispatch.secret_token".freeze
-
+    
     # Raised when storing more than 4K of session data.
     class CookieOverflow < StandardError; end
 
     class CookieJar < Hash #:nodoc:
+
+      # This regular expression is used to split the levels of a domain
+      # So www.example.co.uk gives:
+      # $1 => www.
+      # $2 => example
+      # $3 => co.uk
+      DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
+
       def self.build(request)
         secret = request.env[TOKEN_KEY]
+        @@host = request.env["HTTP_HOST"]
         new(secret).tap do |hash|
           hash.update(request.cookies)
         end
@@ -70,6 +87,7 @@ def initialize(secret=nil)
         @secret = secret
         @set_cookies = {}
         @delete_cookies = {}
+
         super()
       end
 
@@ -92,6 +110,12 @@ def []=(key, options)
         value = super(key.to_s, value)
 
         options[:path] ||= "/"
+
+        if options[:domain] == :all
+          @@host =~ DOMAIN_REGEXP
+          options[:domain] = ".#{$2}.#{$3}"
+        end
+
         @set_cookies[key] = options
         @delete_cookies.delete(key)
         value
@@ -103,6 +127,12 @@ def []=(key, options)
       def delete(key, options = {})
         options.symbolize_keys!
         options[:path] ||= "/"
+
+        if options[:domain] == :all
+          @@host =~ DOMAIN_REGEXP
+          options[:domain] = ".#{$2}.#{$3}"
+        end
+
         value = super(key.to_s)
         @delete_cookies[key] = options
         value

actionpack/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -93,13 +93,6 @@ def stale_session_check!
         :cookie_only =>   true
       }
 
-      # This regular expression is used to split the levels of a domain:
-      # So www.example.co.uk gives:
-      # $1 => www.
-      # $2 => example
-      # $3 => co.uk
-      DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
-
       def initialize(app, options = {})
         @app = app
         @default_options = DEFAULT_OPTIONS.merge(options)
@@ -129,11 +122,6 @@ def call(env)
             cookie[:expires] = Time.now + options.delete(:expire_after)
           end
 
-          if options[:domain] == :all
-            env["HTTP_HOST"] =~ DOMAIN_REGEXP
-            options[:domain] = ".#{$2}.#{$3}"
-          end
-
           request = ActionDispatch::Request.new(env)
           set_cookie(request, cookie.merge!(options))
         end

actionpack/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -34,14 +34,6 @@ module Session
     #   integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
     #   such as 'MD5', 'RIPEMD160', 'SHA256', etc.
     #
-    # * <tt>:domain</tt>: Restrict the session cookie to certain domain level.
-    #   If you use a schema like www.example.com and wants to share session 
-    #   with user.example.com set <tt>:domain</tt> to <tt>:all</tt>
-    #     
-    #     :domain => nil  # Does not sets cookie domain. (default)
-    #     :domain => :all # Allow the cookie for the top most level
-    #                       domain and subdomains.
-    #
     # To generate a secret key for an existing application, run
     # "rake secret" and set the key in config/environment.rb.
     #