how to setup rails Authenticity Token to work with multiple domains?
Posted
by bwizzy
on Stack Overflow
See other posts from Stack Overflow
or by bwizzy
Published on 2010-04-15T12:10:07Z
Indexed on
2010/04/15
12:13 UTC
Read the original article
Hit count: 295
ruby-on-rails
|ruby
I'm building an app that uses subdomains as account handles (myaccount.domain.com) and I have my sessions configured to work across the sub-domains like so:
config.action_controller.session = {:domain => '.domain.com'}
In addition to the subdomain a user can input a real domain name when they are creating their account. My Nginx config is setup to watch for *.com *.net etc, and this is working to serve out the pages.
The problem comes when a site visitor submits a comment form on a custom domain that was input by the user. The code is throwing an "Invalid AuthenticityToken" exception. I'm 99% sure this is because the domain the user is on isn't specified as the domain in the config.action_controller.session. Thus the authenticity token isn't getting matched up because Rails can't find their session.
So, the question is: Can you set config.action_controller.session to more than 1 domain, and if so can you add / remove from that value at runtime without restarting the app?
© Stack Overflow or respective owner