Rails 3 - "Infinite" Session when changing to session_store :domain => :all
I currently have cookie based sessions. I am trying to allow access to all subdomains on my system with the same session, so users will only login once and be granted access through my site (section1.mysite.com, section2.mysite.com, etc).
I have updated my config/initializers/session_store.rb like so:
Mysite::Application.config.session_store :cookie_store, :key => '_mysite_session', :domain => :all
#Mysite::Application.config.session_store :cookie_store, :key => '_mysite_session'
The commented-out line shows what I had before. Now, this works great if I was logged out (had no cookie session saved) when I restarted the server. However, if I had a cookie session for the first configuration, when I switch to :domain => :all, I cannot destroy that session. The user is indefinitely logged in, because the session will not destroy. Users are not able to log out from their sessions where the login was on the commented-out session configuration and they attempt to log out once the new config is in place.
Things I've tried:
* changing the security_token didn't seem to help
* changing the session_store key didn't seem to help (I'm confused about this... I thought it should work)
* for the life of me I can't find out how to manually delete the sessions
No matter what I do, anyone logged in before I make this change cannot logout once I do.
Thanks in advance for your help! Ben
Shouldn't the :domain option be plural, as in :domains?
In your case, that would do:
Mysite::Application.config.session_store :cookie_store,
:key => '_mysite_session', :domains => :all
And in order to get rid of your persistent session, you may want to clear your browser cookies.
Update:
To get rid of users cookies, edit the following Rails file:
app/config/initializers/secret_token.rb:
Mysite::Application.config.secret_token= 'XXXXXXXXX...XXXXXXXXX'
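Added example, not part of the original question or answer: a minimal Ruby model of the RFC 6265 cookie store, showing that a session cookie set without a Domain attribute (the old configuration) and one addressed to .mysite.com (the value :domain => :all is assumed to emit here) are separate entries, so expiring one leaves the other in place. The CookieJar class, the logout_scenario helper and the cookie values are constructed for illustration.

```ruby
# Minimal model of RFC 6265 cookie storage: a stored cookie is identified by
# (name, domain, path). Cookie values below are constructed sample data.
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :path, :host_only)

  def initialize
    @cookies = []
  end

  # Apply one Set-Cookie received from request_host.
  # domain: nil means no Domain attribute, so the cookie is host-only
  # and its stored domain is the request host itself.
  def set(request_host, name, value, domain: nil, path: "/", expired: false)
    dom = domain ? domain.sub(/\A\./, "") : request_host
    # Only an entry with the same name, domain and path is replaced or removed.
    @cookies.reject! { |c| [c.name, c.domain, c.path] == [name, dom, path] }
    @cookies << Cookie.new(name, value, dom, path, domain.nil?) unless expired
  end

  # Values the browser would attach to a request for host, oldest first.
  def sent_to(host, name)
    @cookies.select { |c|
      c.name == name &&
        (c.host_only ? host == c.domain : host == c.domain || host.end_with?("." + c.domain))
    }.map(&:value)
  end
end

def logout_scenario(clear_legacy:)
  jar = CookieJar.new
  host = "section1.mysite.com"
  # Old config: no :domain option, so the session cookie is host-only.
  jar.set(host, "_mysite_session", "old-logged-in")
  # New config: logout expires the cookie addressed to .mysite.com only.
  jar.set(host, "_mysite_session", "", domain: ".mysite.com", expired: true)
  # Mitigation: also expire the legacy host-only cookie (no Domain attribute).
  jar.set(host, "_mysite_session", "", expired: true) if clear_legacy
  jar.sent_to(host, "_mysite_session")
end

p logout_scenario(clear_legacy: false)  # legacy session cookie is still sent
p logout_scenario(clear_legacy: true)   # no session cookie left to send
```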