problem with domains in cookie sessions
Reported by pchm | June 29th, 2008 @ 12:29 PM | in 0.9.4
I think there's a bug in cookie sessions – specifically with cookie domains. After digging through the code I figured out that in order to set a domain for sessions I need to do something like this:
# Session config:
Merb::Config.use do |c|
c[:session_id_key] = '_sess'
c[:session_secret_key] = 'd49318052654c1e36a6b8d353f597db402474135'
c[:session_store] = 'cookie'
c[:session_cookie_domain] = '.mydomain.com'
end
Unfortunately, it doesn't seem to work. Domain name isn't being set in cookie headers and, as a result, merb loses sessions between subdomains.
In a case, when I manually set a cookie with a domain name provided, it works as intended:
cookies[:test] = {:value = 'test', :expires => Time.now, :domain => '.mydomain.com'}
Also, it would be nice to be able to specify domain names for cookies globally in a config file or init.rb.
Comments and changes to this ticket
-
Michael Klishin (antares) June 29th, 2008 @ 12:33 PM
- → State changed from “new” to “open”
- → Milestone changed from “” to “0.9.4”
-
pchm July 2nd, 2008 @ 09:57 AM
merb_controller.rb - line 15
self._session_cookie_domain = Merb::Config[:session_cookie_domain]For some reason this assignment fails - or there might be something later in the code that resets the value of self._session_cookie_domain. When I put the above line, say, into `initialize` method it works fine and domain is set properly.
-
Matthew Windwer July 2nd, 2008 @ 06:27 PM
We've already fixed this issue and sent a pull request to Yehuda Katz. Check out http://github.com/reframeit
-
Michael Klishin (antares) August 2nd, 2008 @ 03:40 PM
- → Milestone changed from “0.9.4” to “0.9.5”
-
Michael Klishin (antares) August 2nd, 2008 @ 06:00 PM
- → Assigned user changed from “” to “Michael Klishin (antares)”
- → Tag changed from “cookies merb-core sessions” to “cookies merb-core patch sessions”
Matthew,
If you add specs for this commit as a separate commit, I'd cherry-pick them. Regarding router changes you made, talk to Carl Lerche who works on new router at the moment.
-
Michael Klishin (antares) August 2nd, 2008 @ 06:36 PM
- → Milestone changed from “0.9.5” to “0.9.4”
-
Michael Klishin (antares) August 7th, 2008 @ 05:00 AM
- → State changed from “open” to “resolved”
Fixed starting from 7488d1b.
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
