The previous commit didn't work with complex domains, which is now fixed.

actionpack/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -121,12 +121,12 @@ module ActionDispatch
           unless options[:expire_after].nil?
             cookie[:expires] = Time.now + options.delete(:expire_after)
           end
-          
+
           if options[:domain] == :all
-            top_level_domain = env["HTTP_HOST"].split('.')[-2..-1].join('.')
-            options[:domain] = ".#{top_level_domain}"
+            env["HTTP_HOST"] =~ /^(.*\.)*(.*)\.(...|...\...|....|..\...)$/
+            options[:domain] = ".#{$2}.#{$3}"
           end
-          
+
           request = ActionDispatch::Request.new(env)
           set_cookie(request, cookie.merge!(options))
         end

actionpack/test/dispatch/session/cookie_store_test.rb

@@ -39,7 +39,7 @@ class CookieStoreTest < ActionController::IntegrationTest
       session[:foo] = 'bye!' * 1024
       head :ok
     end
-
+    
     def rescue_action(e) raise end
   end
 
@@ -192,28 +192,28 @@ class CookieStoreTest < ActionController::IntegrationTest
       headers['Set-Cookie']
     end
   end
-  
+
   def test_session_store_without_domain 
     with_test_route_set do
       get '/set_session_value'
       assert_no_match /domain\=/, headers['Set-Cookie']
     end
   end
-  
+
   def test_session_store_with_nil_domain
     with_test_route_set(:domain => nil) do
       get '/set_session_value'
       assert_no_match /domain\=/, headers['Set-Cookie']
     end
   end
-  
+
   def test_session_store_with_all_domains
     with_test_route_set(:domain => :all) do
       get '/set_session_value'
       assert_match /domain=\.example\.com/, headers['Set-Cookie']
     end
   end
-  
+
   private
 
     # Overwrite get to send SessionSecret in env hash