How to set up Rails authenticity token to work with multiple domains?

Posted by bwizzy on Stack Overflow
Published on 2010-04-15T12:10:07Z
I'm building an app that uses subdomains as account handles (myaccount.domain.com) and I have my sessions configured to work across the sub-domains like so:

    config.action_controller.session = {:domain => '.domain.com'}

In addition to the subdomain, a user can input a real domain name when they are creating their account. My Nginx config is set up to watch for *.com, *.net, etc., and this is working to serve out the pages.

The problem comes when a site visitor submits a comment form on a custom domain that was input by the user. The code is throwing an "Invalid AuthenticityToken" exception. I'm 99% sure this is because the domain the user is on isn't specified as the domain in the config.action_controller.session. Thus the authenticity token isn't getting matched up because Rails can't find their session.

So, the question is: Can you set config.action_controller.session to more than 1 domain, and if so can you add / remove from that value at runtime without restarting the app?
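The following is an added example, not part of the original post. It models the browser side of the situation described above: under RFC 6265 domain matching, a cookie whose Domain attribute is `.domain.com` is discarded when the response comes from an unrelated host, so the session holding the token never comes back with the form POST. The cookie name, session store and host names are constructed for illustration.

```ruby
# RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they are
# identical, or when the host ends with "." + domain and is not an IP address.
def domain_match?(request_host, cookie_domain)
  host = request_host.downcase
  domain = cookie_domain.downcase.sub(/\A\./, '') # a leading dot is ignored
  return true if host == domain
  return false if host =~ /\A\d{1,3}(\.\d{1,3}){3}\z/
  host.end_with?(".#{domain}")
end

# Minimal model of a browser cookie jar.
class BrowserJar
  def initialize
    @cookies = []
  end

  # A Set-Cookie is stored only if the responding host matches its Domain.
  def store(response_host, name, value, domain)
    return false unless domain_match?(response_host, domain)
    @cookies << { name: name, value: value, domain: domain }
    true
  end

  # Cookies the browser would attach to a request for request_host.
  def cookies_for(request_host)
    @cookies.select { |c| domain_match?(request_host, c[:domain]) }
            .map { |c| [c[:name], c[:value]] }.to_h
  end
end

# Simplified stand-in for the server check: the form token must equal the
# token kept in the session that the request's cookie identifies.
def comment_post_accepted?(jar, host, sessions, form_token)
  session = sessions[jar.cookies_for(host)['_app_session']]
  !session.nil? && session[:csrf_token] == form_token
end

# Constructed scenario: GET the form (server sets the cookie), then POST it.
def simulate(host)
  jar = BrowserJar.new
  sessions = { 'abc123' => { csrf_token: 'tok-1' } }
  jar.store(host, '_app_session', 'abc123', '.domain.com')
  comment_post_accepted?(jar, host, sessions, 'tok-1')
end

%w[myaccount.domain.com www.customer-site.com].each do |host|
  puts "#{host}: comment POST accepted? #{simulate(host)}"
end
```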

© Stack Overflow or respective owner
