Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved]

Signed-off-by: David Heinemeier Hansson <david@loudthinking.com>
author: Guillermo Álvarez <guillermo@cientifico.net> 2010-06-10 11:41:32 +0200
committer: David Heinemeier Hansson <david@loudthinking.com> 2010-06-10 12:05:12 -0400
commit: c4d6245e875bbb276c122a5a401422d341dac4df (patch)
tree: 54c896bf6e457b9ac076e1a2307224a32a611ce9 /actionpack/lib
parent: e11bb95d56ed77b10d54d9dfe5a3cc4aa48b3a61 (diff)
download: rails-c4d6245e875bbb276c122a5a401422d341dac4df.tar.gz
rails-c4d6245e875bbb276c122a5a401422d341dac4df.tar.bz2
rails-c4d6245e875bbb276c122a5a401422d341dac4df.zip
2 files changed, 14 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 3e8d64b0c6..040a83f7a6 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -121,7 +121,12 @@ module ActionDispatch
           unless options[:expire_after].nil?
             cookie[:expires] = Time.now + options.delete(:expire_after)
           end
-
+          
+          if options[:domain] == :all
+            top_level_domain = env["HTTP_HOST"].split('.')[-2..-1].join('.')
+            options[:domain] = ".#{top_level_domain}"
+          end
+          
           request = ActionDispatch::Request.new(env)
           set_cookie(request, cookie.merge!(options))
         end
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 92a86ee229..0fc63d026f 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -34,6 +34,14 @@ module ActionDispatch
     #   integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
     #   such as 'MD5', 'RIPEMD160', 'SHA256', etc.
     #
+    # * <tt>:domain</tt>: Restrict the session cookie to certain domain level.
+    #   If you use a schema like www.example.com and wants to share session 
+    #   with user.example.com set <tt>:domain</tt> to <tt>:all</tt>
+    #     
+    #     :domain => nil  # Does not sets cookie domain. (default)
+    #     :domain => :all # Allow the cookie for the top most level
+    #                       domain and subdomains.
+    #
     # To generate a secret key for an existing application, run
     # "rake secret" and set the key in config/environment.rb.
     #
author	Guillermo Álvarez <guillermo@cientifico.net>	2010-06-10 11:41:32 +0200
committer	David Heinemeier Hansson <david@loudthinking.com>	2010-06-10 12:05:12 -0400
commit	c4d6245e875bbb276c122a5a401422d341dac4df (patch)
tree	54c896bf6e457b9ac076e1a2307224a32a611ce9 /actionpack/lib
parent	e11bb95d56ed77b10d54d9dfe5a3cc4aa48b3a61 (diff)
download	rails-c4d6245e875bbb276c122a5a401422d341dac4df.tar.gz rails-c4d6245e875bbb276c122a5a401422d341dac4df.tar.bz2 rails-c4d6245e875bbb276c122a5a401422d341dac4df.zip