Problems with restful_authentication Plugin and Internet Explorer Cookies

I just ran into a fairly obscure bug. Bit me pretty good and stole an hour from me on an otherwise quiet Friday afternoon.

How the Problem Manifested Itself : Using restful_authentication, I could log in fine using Firefox and Opera, but not Internet Explorer or Safari. I figured, it's just an HTML POST, nothing special, so what could be going wrong? I started to tail my logfile, and the session#create action was working properly. It was redirecting to a protected page, signifying that the login was successful. However, there was a second redirect occurring immediately after, sending me back to the login page. Here's a tail of the logfile:

Processing SessionsController#create (for xxx.xxx.xxx.xxxat 2008-07-11 16:09:32) [POST]
  Session ID: 8375beba8418d2f58363b1a05ea93c79
  Parameters: {"commit"=>"Log in", "action"=>"create", "controller"=>"sessions", "password"=>"xxx.xxx.xxx", "login"=>"xxx.xxx.xxx"}
  User Load (0.000701) SELECT * FROM `users` WHERE (`users`.`login` = 'xxx.xxx.xxx') LIMIT 1
Redirected to http://xxx.xxx.xxx/dashboard
Completed in 0.00163 (611 reqs/sec) | DB: 0.00070 (42%) | 302 Found [http://xxx.xxx.xxx/session]

Processing DashboardController#index (for xxx.xxx.xxx.xxx at 2008-07-11 16:09:32) [GET]
  Session ID: 2a01076513064cce771c062a01da5e54
  Parameters: {"action"=>"index", "controller"=>"dashboard"}
Redirected to http://xxx.xxx.xxx/session/new
Filter chain halted as [#<ActionController::Filters::ClassMethods::SymbolFilter:0x7f4f3ef7d458 @filter=:login_required>] rendered_or_redirected.
Completed in 0.00043 (2309 reqs/sec) | DB: 0.00000 (0%) | 302 Found [http://xxx.xxx.xxx/dashboard]

Processing SessionsController#new (for xxx.xxx.xxx.xxx at 2008-07-11 16:09:32) [GET]
  Session ID: c8c497cb737dbb7a5977b76ef2a38a04
  Parameters: {"action"=>"new", "controller"=>"sessions"}
Rendering template within layouts/login
Rendering sessions/new
Completed in 0.00108 (928 reqs/sec) | Rendering: 0.00099 (92%) | DB: 0.00000 (0%) | 200 OK [http://xxx.xxx.xxx/session/new]

The first thing that caught my eye was "Filter chain halted.....". The login_required before_filter (used by restful_authentication) was failing despite the fact that I was able to successfully authenticate in the previous POST to session#create. The next thing that caught my eye was the fact that each of the three requests above has a distinct session id. This suggested to me that there was a problem with the session cookie being set. A little bit of head scratching and several google searches later, I came upon....

The Real Problem : I was accessing the site through a domain name that contained an underscore (e.g. client_app.stagingdomain.com). Why is this a problem? Well, Internet Explorer (and I suppose Safari) rejects cookies for domains that contain an underscore. Oddly enough, I found the solution on a Passenger Forum Post.

As soon as I changed the domain name through which I was accessing my staging server, the problem disappeared.

You've successfully subscribed to SmartLogic Blog
Great! Next, complete checkout for full access to SmartLogic Blog
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Error! Billing info update failed.