Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Share session between subdomains? #108

Closed
manuelmeurer opened this Issue · 16 comments

8 participants

Manuel Meurer Andrew Shaydurov Christian Fazzini Patrick Mulder Luca Guidi aldo sarmiento Scott Carleton Christopher Chow
Manuel Meurer

Is it possible to share session data between subdomains?
I am trying to set a session cookie on domain.com and access it on sub.domain.com but it won't work.
I tried using the domain parameter, which is used in the :cookie_store, with the values .domain.com and :all but to no avail.

Andrew Shaydurov

this code works for me:

Mainpeople::Application.configure do
  config.session_store :redis_store, redis_server: Settings.redis.url, domain: '.'+Settings.base_host.gsub(/:.*/, '')
end
Christian Fazzini

Any updates on this?

Patrick Mulder

This works for me for sharing sessions across Heroku domains:

use Rack::Session::Cookie, :key => 'rack.session', :secret => "123", :domain => ".herokuapp.com"

And In the other application the same line.

Christian Fazzini

You are using rack.session instead of redis_store?

Luca Guidi
Owner

As I know, there was a bug in ActionPack, try with this: https://coderwall.com/p/9_ow7a

Christian Fazzini

Hmmm, the patch does not support 3.2.11. I'll change:

s.add_dependency 'actionpack', '3.2.8

To:

s.add_dependency 'actionpack', '3.2.11

Hope it doesn't break anything

Christian Fazzini

Update. Still the same issue. That patch doesn't solve anything...

Luca Guidi
Owner

Have you checked the diff between 3.2.8 to 3.2.11? Maybe that monkey-patch isn't valid anymore. I created it while working on a Rails 3.2.6 app at that time.

Christian Fazzini

redis_store does not play well with :domain => :all or any other :domain settings...

I checked again with the traditional :cookie_store, :domain => :all works like a breeze. Wish redis_store could do that just as well

aldo sarmiento

Any news on this?

aldo sarmiento

@jodosha I think we just need to do this:

module Rack
  module Session
    class Redis < ActionDispatch::Session::AbstractStore
aldo sarmiento sarmiena referenced this issue from a commit in sarmiena/redis-store
aldo sarmiento sarmiena fixes #108 share between sessions in rails 3.2.11 a040a98
Scott Carleton

The problem is that the options aren't getting pushed up to rack's cookie options because of how one would assume they should be set. Redis Rack takes the options here.

One would probably write the options like this:

{ :redis_server => {:namespace => 'test:rack:session', domain => '.lvh.me'}

It might look like calling super would push the options given up to rack's initialize method but it's not since they're contained within the redis_server key so rack ignores them.

If written like this however:

{ :redis_server => {:namespace => 'test:rack:session'}, :domain => '.lvh.me'})

The domain '.lvh.me' does get pushed up to Rack's options. Note: I'm using lvh.me because it was the quickest way to verify. When trying to use pow with a *.dev domain I couldn't seem to get the naming right and sessions would just fail completely.

Ultimately, there needs to be better documentation for how redis server and cookie options are set. I feel that half the pull requests right now are due to options not correctly getting applied and it takes a solid few hours for one to re-learn the redis-store codebase, understand what's happening and realize that it's just an undocumented configuration issue.

Luca Guidi
Owner

@ScotterC would you please open a PR with the fix? Appreciate it, thanks! :tophat:

Scott Carleton

@jodosha Sure. Do you feel that a documentation update is sufficent or simplifying how the options get passed to Rack vs Redis?

Luca Guidi jodosha closed this
Christopher Chow

Should this be working in the latest version now that everything has been extracted out to separate gems? Because it doesn't seem to be working for me in redis-rails.

Scott Carleton

@Soliah If you're using Rails, you can use my fork which I've had in production for the last year. It simply forces the inheritance of ActionDispatch so that the options are correct.

You can still use the rest of redis-store like this:

gem "redis-rails",                  '~> 4.0' 
gem "redis-rack",                   github: "ScotterC/redis-rack", branch: 'rails-cookie-options'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.