Hi there o/ I've been struggling a bit with sessions / subdomains on IE, came up with a hack and wonder if that's something that would make sense on rails core itself.
In case you're not familiar: IE behaves differently from other browsers in that it seems to read cookies from the top level domain while other browsers only read cookies from the exact same base url, for example:

- Generate a default new rails app then `rails g scaffold posts`
- Put anything in the session on posts#index, e.g. `session[:check] = 'lol'`
- Print the value on the view posts/index.html.erb, e.g. `<%= session[:check] %>`
- Visit lvh.me:3000/posts to set the session.
- Reload the page at will. You should see the value printed.
- Visit lol-ie.lvh.me:3000/posts and you shouldn't see the value printed.

Go through the steps above on Firefox and IE and you should see that the value set in lvh.me is also persisted on lol-ie.lvh.me. I think this might be cool for many apps but sometimes you really do not want to share session among subdomains.

After some reading on rails / rack request classes I found this comment <https://github.com/rack/rack/blob/1.6.4/lib/rack/session/abstract/id.rb#L165-L187> on rack saying you can set the session service options on a request basis. But it seems to be outdated / no longer valid unless I misunderstood it. Plus I couldn't find any clear way to set the session cookie key on a request basis. The current hack is here https://gist.github.com/huoxito/e90730090a5fc8155a6b

Is that something you think is worth having in rails core? I mean a documented way to set cookie store keys on a request basis. I'm aware one can get around the issue by forcing users to "www.domain.*" but it feels like we could also handle it without forcing to "www".

I couldn't find any previously related topics here or on github rails issues so sorry if this has been discussed. Feedback much appreciated, thanks.
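The behaviour described in the post, as an added example that is not the poster's gist or Rails/Rack code: a small Ruby model of which cookies a browser attaches to a request, comparing RFC 6265 host-only matching with the legacy IE behaviour, and showing how a per-host session cookie name keeps the subdomain from loading the parent's session. The `Cookie` struct, `session_key_for`, the `_app_session` base name and the sample jar are assumptions constructed for illustration.

```ruby
require "digest"

# Constructed model of a stored cookie: name, value, the host that set it,
# and the Domain attribute (nil when the Set-Cookie header had none).
Cookie = Struct.new(:name, :value, :set_by_host, :domain_attr)

# RFC 6265 section 5.1.3 domain-match: identical, or a subdomain of `domain`.
def domain_match?(request_host, domain)
  request_host == domain || request_host.end_with?(".#{domain}")
end

# Cookies a browser attaches to a request for `request_host`.
# legacy_ie: true models the behaviour in the post: a cookie set without a
# Domain attribute is not treated as host-only and also goes to subdomains.
def cookies_sent(jar, request_host, legacy_ie:)
  jar.select do |c|
    domain = c.domain_attr || c.set_by_host
    host_only = c.domain_attr.nil? && !legacy_ie
    host_only ? request_host == domain : domain_match?(request_host, domain)
  end
end

# Hypothetical per-request key: derive the session cookie name from the host,
# so each (sub)domain only ever looks up its own cookie.
def session_key_for(host, base: "_app_session")
  "#{base}_#{Digest::SHA256.hexdigest(host.downcase)[0, 8]}"
end

# Jar state after one visit to `host` that stored something in the session.
def jar_after_visit(host, per_host_key:)
  key = per_host_key ? session_key_for(host) : "_app_session"
  [Cookie.new(key, "check=lol", host, nil)]
end

# Session value the app serving `request_host` would load, or nil.
def session_seen(jar, request_host, legacy_ie:, per_host_key:)
  key = per_host_key ? session_key_for(request_host) : "_app_session"
  sent = cookies_sent(jar, request_host, legacy_ie: legacy_ie)
  sent.find { |c| c.name == key }&.value
end
```

With per-host keys the parent domain's cookie is still transmitted to the subdomain by the legacy browser; the subdomain's app simply never reads it as its session. An app on the subdomain that shares the same cookie secret could still decode that cookie, so this separates sessions rather than hiding them.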
