Multiplay Labs

tech hits and tips from Multiplay


Fun with Cookie Domains and Rails


If you are working on a Rails site that supports multiple subdomains and want to share a cookie between them, it makes sense to set the cookie domain in your environment.rb to something like:

	config.action_controller.session = {
		:key => 'my_app_key',
		:secret => 'my_super_secret',
		:domain => '.domain.tld'
	}

However, you may come across a weird problem when developing locally, where the CSRF protection no longer works, always throwing up an invalid authenticity token error.

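The answer to this is simple: once you set the cookie domain, the browser will only store the session cookie for hosts inside that domain, as per the usual cookie security policies, so you've essentially cut your local machine (or any machine not in that domain, for that matter) out of the loop. With no session cookie coming back, Rails has no stored token to compare the form's authenticity token against, and the CSRF check fails. The easy way to continue doing local development is to set up a local DNS alias with a matching domain scheme. For me, that meant adding an entry to my /etc/hosts file for: local.domain.tld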

And now doing local development via http://local.domain.tld works a charm.
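To see which hosts keep the session cookie, here is a small Ruby model of the browser's domain-matching rule (RFC 6265, section 5.1.3) and the resulting CSRF check. It is an added example, not code from the original post or from Rails; the helper names, the `:csrf` session key and the host list are constructed for illustration.

```ruby
require 'securerandom'

COOKIE_DOMAIN = '.domain.tld' # the :domain value from the session config above

# True when the host is an IP literal; IPs never suffix-match a cookie domain.
def ip_literal?(host)
  host.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/) || host.include?(':')
end

# RFC 6265 domain matching: the browser stores (and later sends) a cookie
# only if the request host equals the Domain attribute or is a subdomain of it.
def domain_match?(request_host, cookie_domain)
  host   = request_host.downcase
  domain = cookie_domain.downcase.sub(/\A\./, '') # a leading dot is ignored
  return true if host == domain
  return false if ip_literal?(host)
  host.end_with?(".#{domain}")
end

# Simplified two-request flow: GET a form, then POST it back.
# Returns true when the token issued on the GET is still in the session
# that the browser presents on the POST.
def csrf_check_passes?(request_host, cookie_domain)
  jar = {}
  token = SecureRandom.hex(16) # token stored in the session and in the form
  # Browser side: the Set-Cookie is silently dropped on a domain mismatch.
  jar[:session] = { csrf: token } if domain_match?(request_host, cookie_domain)
  # Server side on the POST: no cookie means a fresh, empty session.
  session = jar.fetch(:session, {})
  session[:csrf] == token
end

# Constructed sample hosts, including the /etc/hosts alias from the post.
SAMPLE_HOSTS = %w[localhost 127.0.0.1 local.domain.tld www.domain.tld
                  domain.tld notdomain.tld].freeze

def report(hosts = SAMPLE_HOSTS, cookie_domain = COOKIE_DOMAIN)
  hosts.map do |h|
    ok = csrf_check_passes?(h, cookie_domain)
    format('%-18s %s', h, ok ? 'cookie kept, CSRF check passes' : 'cookie dropped, invalid authenticity token')
  end
end

puts report
```

The same rule means every host under `.domain.tld` receives the session cookie, so the set of subdomains sharing it is worth reviewing when choosing this setting.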

Written by Andrew Montgomery-Hurrell

June 16th, 2010 at 8:55 am
