Setting a cookie on all subdomains in Rails 4 and Ember

Question

We have a Rails application that is the API component running on api.domain.com and a front-end application in Ember.js running on www.domain.com .

When Ember.js sends a POST request to a route in the API, /events , we want the API to set a cookie to remember a unique user identifier.

Hence this method in the Events controller:

def set_tracking_cookie
  cookies[:our_company_distinct] = {
    value: create_identifier,
    expires: 1.year.from_now,
    domain: :all
  }
end

As you see, the cookie is set on the entire domain, and is set to expire in a year.

The point is that the next time Ember queries the API, it will be able to read this cookie. However, this is not the case.

Each time the front-end queries the API, the API is unable to find the cookie, nor does it show in the cookies in my developer tools.

The Ember requests set the Access-Control-Allow-Credentials header to true , and I can confirm that the cookie is indeed sent in the response from the API with the correct values for domain, name, path, expiry, etc.

Am I missing something?

Thanks!

Answer 1

For anyone else going through a problem sending/receiving cookies in this way, here are some things I found helpful when I was debugging and ultimately fixed the problem:

• When you use the Chrome's (or any other browser's) devtools, examine each request and check it to see if the cookie is being sent from the API on the request where you expect it to be sent, and if all subsequent requests from Ember (or whatever other JS framework for that matter) send this request. In Chrome, go to "Network > [request] > Cookies". Ensure that the front end is sending the cookie properly and that it indeed receives it properly.
• We found that this was the best way of adding support for the CORS cookies to Ember was to be done like so: http://discuss.emberjs.com/t/ember-data-and-cors/3690