The www and non-www versions of my Rails app are two completely different sessions, and I want to prevent www by redirecting to https.
This says to use config.force_ssl = true in config/environments/production.rb to force https, but this doesn't prevent www. Unless there's a better way and it involves sharing session info between www and non-www? What am I doing wrong?
I think you should redirect(301) your www to your non-www version. You will avoid duplication of content and you will stick to just one session.