Problem with automatic login within custom subdomain after signup. #136

cloudfactory opened this Issue May 17, 2010 · 5 comments


None yet
4 participants

ghost commented May 17, 2010


I am using rails 3.0.0.beta3 to implement authlogic and subdomain-fu. And, I have a problem with automatic login into subdomain after signup.

The scenario is :
I have a signup form where an account and an admin user for that account are created simultaneously. Each time a new account is created, a separate subdomain is assigned to that account.

When the form is submitted, I expect the user to be redirected to
"user-sub-domain"."app-domain".com with the session for that sub-domain created automatically.

Currently, although the user is redirected to the corresponding subdomain, the session is not created. I think that the session is created only for the app-domain and when it is redirected to the subdomain, it doesn't find the session and thus, prompts the user to login again.

However, second-time login works fine.

I tried something like
config.action_controller.session = { :domain => '.dummy.localhost' } in development.rb. But, it doesn't seem to work. It still shows up the login form.

I would appreciate your help.


lscott3 commented Apr 17, 2012

Any word on this issue?

sapient commented Apr 30, 2015




tiegz commented Apr 30, 2015

Hey, not sure if this is really an authlogic issue, but maybe I can help. One question: do you want 1 session per subdomain, or 1 session that covers all domains?

sapient commented Apr 30, 2015

@tiegz You are right, its not specific to Authlogic at all, over the past few days I tried Sorcery and Devise as well, but this was the only topic which kind of closely matched my problem.

I actually solved the problem earlier and typed out a whole response here in case anyone else every arrived here like I did, I thought I had submitted the comment, but apparently not.

My problem was keeping authenticated across multiple subdomains, though I didnt really know that until I solved it.

Post login details to, in the session controller, redirect to Arrive at root on, buuuuut, still getting the root action for logged out people rendered - wierd. Log in again, and it works. Reverse the situation for logging out. It was very confusing.

I eventually figured I had to add this domain thing to my session store

Rails.application.config.session_store :cookie_store, {
  key: '_my_secret_key',
  domain: ''

But then I started getting an InvalidAuthenticityToken exception when I logged in. I had also been using constraints on the root route (Checking for the authlogic session variables), and that actually just added to the confusion. In the end the solution was to delete my cookies (yes, 2 days to figure this out). Some of them had the subdomain specific domain set and were messing with my sessions.

All fixed now though... Thanks!

Though if I DID want a session per subdomain, how would you do it?


tiegz commented Apr 30, 2015

Ah, glad you figured that out @sapient ! Given that, I'll close this ticket.

One session per subdomain sounds a little complicated and I admittedly haven't tried it myself (besides having separate apps running per subdomain), but this answer seems like a good idea (a custom session store class):

@tiegz tiegz closed this Apr 30, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment