I have a Rails-API app. More or less "out of the box" but I want to add back cookie-based session store. Here is what I've done:
app/controllers/application_controller.rb
+ include ::ActionController::Cookies
config/application.rb
+ config.middleware.insert_after ActiveRecord::QueryCache, ActionDispatch::Cookies
+ config.middleware.insert_after ActionDispatch::Cookies, ActionDispatch::Session::CookieStore
created config/initializers/secret_token.rb
+ Namespace::Application.config.secret_token = 'token'
created config/initializers/session_store.rb
+ Namespace::Application.config.session_store :cookie_store, :key => '_namespace_key'
When I inspect the session in a controller, the result is:
<Rack::Session::Abstract::SessionHash:0x3fdadc5daa24 not yet loaded>
However it does appear that data is being written to and used.
But, in my browser the cookie itself is being named as '_session_id' instead of '_namespace_key'
I thought I added back every piece required for cookie based session storage, but I appear to be missing something else. Any ideas?
To identify a user's session information, Rails stores a special secure and tamper-proof cookie on the user's browser that contains their entire session hash (look for it in your developer tools, usually under the “Application” section) and it expires when the browser is closed.
In the session chapter you have learned that most Rails applications use cookie-based sessions. Either they store the session ID in the cookie and have a server-side session hash, or the entire session hash is on the client-side.
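The tamper-proof property described above comes from a MAC computed over the cookie payload with the application's secret, so the cookie is only as trustworthy as that secret. The following is an added illustration, not code from the original page and not Rails' own implementation: the SignedSession module, the JSON serialization and the HMAC-SHA256 choice are assumptions, and the sample values are constructed.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

# Hypothetical stand-in for a signed cookie session: "<base64 payload>--<hex MAC>".
module SignedSession
  DIGEST = 'SHA256'

  # Serialize the session hash and append an HMAC over the encoded payload.
  def self.dump(session, secret)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{OpenSSL::HMAC.hexdigest(DIGEST, secret, data)}"
  end

  # Return the session hash, or nil when the cookie is malformed or the MAC does not match.
  def self.load(cookie, secret)
    data, mac = cookie.to_s.split('--', 2)
    return nil if data.nil? || mac.nil?

    expected = OpenSSL::HMAC.hexdigest(DIGEST, secret, data)
    return nil unless secure_compare(expected, mac)

    JSON.parse(Base64.strict_decode64(data))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Compare every byte so timing does not reveal how much of the MAC matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample data: a random secret instead of a guessable literal.
SECRET = SecureRandom.hex(64)
COOKIE = SignedSession.dump({ 'user_id' => 42 }, SECRET)

# Constructed tampering case: the payload is changed but the old MAC is kept.
ALTERED = [Base64.strict_encode64(JSON.generate({ 'user_id' => 1 })),
           COOKIE.split('--', 2).last].join('--')

p SignedSession.load(COOKIE, SECRET)   # accepted: MAC matches the payload
p SignedSession.load(ALTERED, SECRET)  # rejected: payload no longer matches MAC
```

Verification with any secret other than the one used for signing also returns nil, which is why a short literal secret in an initializer undermines the whole scheme.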
If you're on Rails 5 and want to preserve config.api_only = true, you could extend the middleware to add the sessions layer by adding this code after class Application < Rails::Application in config/application.rb:
config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore, key: '_namespace_key'
This could come in handy when you want to have a Rails api-only enabled app but have to manage user sessions with an administration panel like ActiveAdmin or Rails_Admin.
You need to remove these middleware declarations from your application.rb file and add this:
config.api_only = false
This will enable session management the way you want if there is a configured session_store somewhere in your initialisers (which you have). This isn't clearly documented, but that's what you're supposed to do.
Example here.