issue in delete a cookie ( cannot 'eat' it ..)

[Erwin]

I set my cookies at root domain level  ( lvh.me in dev)  , accessible from within each subdomain

w session store initializer :

Rails.application.config.session_store :active_record_store, :key => '_tests_session', :domain => :all

( good for persisted facebook authentication when user login into a different subdomain)

when a user login into a subdomain, I have 

cookies[:login]

"{:user_id=>3, :subdomain_name=>\"coocoo\"}"

when the user logout , I should delete this cookie, 

cookies.delete(:login, :host => Rails.configuration.host) if cookies[:login]

but it doesn't delete it ...  any clue ?

thanks for feedback

[Greg Donald]

On Mon, Nov 12, 2012 at 11:47 AM, Erwin <yves_...@mac.com> wrote:
> I set my cookies at root domain level ( lvh.me in dev) , accessible from
> within each subdomain
> w session store initializer :
> Rails.application.config.session_store :active_record_store, :key =>
> '_tests_session', :domain => :all

Did you try setting your domain to the actual domain?

Rails.application.config.session_store :active_record_store, :key =>
'_tests_session', :domain => 'example.com'

> when a user login into a subdomain, I have
> cookies[:login]
> "{:user_id=>3, :subdomain_name=>\"coocoo\"}"
>
> when the user logout , I should delete this cookie,
> cookies.delete(:login, :host => Rails.configuration.host) if cookies[:login]
>
> but it doesn't delete it ... any clue ?

--
Greg Donald

[Erwin]

It's not useful in my case , as I am using  FB & Google authentification, the callback can be set only to the main domain 

using the :state parameter I can redirect to the calling subdomain on FB/Google callback

but before the redirect I need to delete the previous session/cookies ( user may have been logged in an another subdomain or root domain)

setting :domain => :all , means that the cookies :host is/should_be   '.example.com'

and I should be able to delete it :   ( as per Rails API)

 cookies.delete(:login, :host =>  '.example.com')  but it's not working

I am going to test another way :  expiring the cookie,...

  def remove_all_cookies(domain=nil)

    unless domain.nil?

      cookies.to_hash.each_pair { |k, v|  cookies[k.to_sym] = { :value => '', :path => '/', :domain => domain,  :expire => 1.day.ago } }

    end

  end

[Erwin]

[SOLVED]  the issue was not with cookies .. I had to change the way I handle the session store w subdomain ...   should not using domain => :all

I finally set  in initializers/session_store.rb 

Rails.application.config.session_store :active_record_store, :key => '_myapp_session', :domain => {

  production: 'myapp.com', 

  development: 'lvh.me'}.fetch(Rails.env.to_param.to_sym, :all)

so now I can set/delete the cookies[:login] according to user authentication w FB/Google and originated subdomain ( parameter :state in URL)

on signout, I have to delete the cookies[:login], on redirection I have to check if the cookies[:login] is related to the subdomain else delete it...

great post and link about it :

Quoted- As it turns outs 'domain: all' creates a cookie for all the different subdomains that are visited during that session (and it ensures that they are passed around between request).

 If no domain argument is passed, it means that a new cookie is created for every different domain that is visited in the same session and the old one gets discarded. 

What I needed was a single cookie that is persistent throughout the session, even when the domain changes. Hence, passing 'domain: lvh.me' solved the problem in development. This creates a single cookie that stays there between different subdomains.

For anyone needing further explanation, 

this is a great link: http://excid3.com/blog/sharing-a-devise-user-session-across-subdomains-with-rails-3/