Rails’ environment.rb (like most of the generated files) has a lot of comments that help you learn rails and build your app. Until yesterday I never used the :domain key of the action_controller.session, and I’m somewhat surprised Rails’ make no mention of it in environment.rb. But I have been using Rails for almost 2 years now, so I suppose it’s not in there because you can get by without it for quite some time =)
After upgrading our SSL certificate to use a wildcard, I directed secure pages to the secure subdomain (i.e. https://secure.SportKong.com) to really drive home the point that it’s secure. I then directed non-secure pages to the regular domain (http://SportKong.com) but the users’ session was lost. I needed to set config.action_controller.session[:domain] = ".sportkong.com" so that sessions would span across multiple domains.
