Posts about Ruby

Deep dives and guides on Ruby and the ecosystem.


Get a monthly roundup of my latest content

You can also find me on Mastodon and Twitter

Rails session cookie `domain: :all` - beware of CNAMEs!

Let’s look at the security implications of a Rails session :cookie_store with domain: :all. It is a convenient way to allow users to be authenticated across subdomains, however, any subdomains as CNAMEs which map third-party services will also receive those session cookies.

read full article