Force Session Reset when I add a custom domain to a Rails app?

When I added this to my staging.rb:

config.action_controller.session = {:domain => '.mysite.com'}

... and I try to access a subdomain after already being logged in, it doesn't recognize me and sends me back to the root domain. If I try to logout, it logs me back in.

The only way I get this to work is by removing the cookies in the browser manually.

How do I reset all u开发者_运维问答sers cookies when I make a change like this in Rails? Is there a standard approach?

You should be able to invalidate all sessions by changing the secret used to encode cookie-based sessions. This is could be assigned like this:

config.action_controller.session = {
  :domain => '.mysite.com',
  :secret => 'somethingreallyrandomnotactuallythis'
}

In Rails 3 this is done in config/initializers/secret_token.rb:

My::Application.config.secret_token = 'somethingreallyrandomnotactuallythis'