
Maintaining Cookies when switching EC2 instances Ruby on Rails

My team is coming to the end of a massive overhaul of changes to our system and are getting ready to do the big switch.

Currently, we are hosted on AWS using Elastic IPs. Our stack is Ruby on Rails and we are using Capistrano. We also have a BlackBerry app and an iPhone app live and in the hands of customers. The authentication between the applications and the server is through cookies and not any kind of authentication key.

I am well aware that this isn't the best way to have authentication, but legacy code is legacy.

Because of the nature of our company and service, it is IMPERATIVE that when we switch over, the users do not get logged out and the session passed through the cookie from the mobile application to the server is honored.

I have tried the following approaches:

- Pointing the DNS to a different IP.
- Pointing the Elastic IP to a different AWS instance.

In each case, the cookies do not seem to be honored.

I am a developer and not a sysadmin and have run out of ideas. Is there any way to make a new instance honor cookies using Devise on Rails or through AWS? Or another option that I should consider?

user2320166 asked Oct 22 '22 11:10


1 Answer

HTTP Cookies do not contain any information regarding service IP address. They are tied to the domain name (or the root of the subdomain) and a path. Thus, you can change the service IP address all you want, as long as the domain stays the same. In your case both solutions are valid - you can migrate the IP address or just change the IP value of the DNS record. That should be enough to keep users logged in.

An important remaining question is: where do you keep session data? What session store do you use in Rails? It is possible that you didn't migrate the session data to your test environment, thus the client was logged out.

The default session store for Rails is the cookie store (session data are kept client side), so it should "just work" in your case as long as your secret_token in the App remains the same. Maybe that was regenerated during a deploy? It might be worth checking out (config/initializers/secret_token.rb). This token is used to sign the cookies in order to make sure that the client hasn't altered them.

Make sure all of those points are valid in your case and double check your testing process, because it should just work without any additional actions.

mdrozdziel answered Oct 27 '22 17:10
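
The signing check described in the answer above, as an added example that is not part of the original answer and is not Rails' own code: a simplified signed-cookie scheme (payload plus HMAC) showing that a cookie issued by the old instance is honored by the new one only when both use the same secret. The class name, helper name, secrets and session contents are constructed for illustration.

```ruby
require "openssl"
require "json"

# Simplified model of a signed session cookie: "<base64 payload>--<hex HMAC>".
# Illustration only; this is not Rails' own implementation.
class CookieSigner
  def initialize(secret)
    @secret = secret
  end

  def sign(session)
    payload = [JSON.generate(session)].pack("m0") # strict base64
    "#{payload}--#{mac_for(payload)}"
  end

  # Returns the session hash, or nil when the cookie is malformed or the
  # signature was not produced with this instance's secret.
  def verify(cookie)
    payload, mac = cookie.to_s.split("--", 2)
    return nil if payload.nil? || mac.nil?
    return nil unless constant_time_equal?(mac, mac_for(payload))
    JSON.parse(payload.unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def mac_for(payload)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), @secret, payload)
  end

  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample values (not from the original post).
OLD_SECRET         = "a" * 64
REGENERATED_SECRET = "b" * 64
SAMPLE_SESSION     = { "user_id" => 42 }.freeze

# True when a cookie issued under old_secret is still honored by an
# instance configured with new_secret.
def survives_cutover?(old_secret, new_secret, session = SAMPLE_SESSION)
  cookie = CookieSigner.new(old_secret).sign(session)
  CookieSigner.new(new_secret).verify(cookie) == session
end
```

The IP address never enters the check: only the cookie value and the server-side secret do, which is why a regenerated secret logs every client out while an IP or DNS change alone does not.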