Devops for Ruby applications.

Deep dives and guides on setting up and managing your infrastructure for Ruby and Rails applications.


Get a monthly roundup of my latest content

You can also find me on Mastodon and Twitter

Rails session cookie `domain: :all` - beware of CNAMEs!

Let’s look at the security implications of a Rails session :cookie_store with domain: :all. It is a convenient way to allow users to be authenticated across subdomains, however, any subdomains as CNAMEs which map third-party services will also receive those session cookies.

read full article