
Sinatra clears session on post

enable :sessions
set :session_secret, 'secret'

post '/login' do
    session[:loggedInUser] = jsondata['username'].to_s
    puts session[:loggedInUser] + " is the session"
end

Everything is good at this point. When I read the session like this:

get '/debug' do
    session.inspect
end

It's all there. But here comes the problem. When I go for another post request later on:

post '/foo' do
    # do nothing
end

The session is cleared.

Why? Is this a bug?

EDIT

I have narrowed the problem down: I proxypass Sinatra through nginx, to http://app.local/backend - this is when the issue occurs. If I run Sinatra through http://localhost:4567 it all works as expected.

SOLUTION

Use Rack::Session::Cookie instead of the default enable :sessions:

use Rack::Session::Cookie, :key => "rack.session",
                           :path => "/backend"
# etc

From the Sinatra FAQ:

If you need to set additional parameters for sessions, like expiration date, use Rack::Session::Cookie directly instead of enable :sessions:

subZero asked Sep 17 '13 08:09


2 Answers

I was suffering from the same issue as you: sessions were being cleared on post.

I have no idea why this works, but this is my solution:

#enable :sessions
use Rack::Session::Cookie, :key => 'rack.session',
                           :path => '/',
                           :secret => 'your_secret'

I literally just replaced the enable :sessions bit with use Rack::Session::Cookie ... and now all is good in the world.

user2859220 answered Oct 22 '22 18:10


After I add set :session_secret, SESSION_SECRET, everything works.

set :session_secret, SESSION_SECRET
enable :sessions

Then I found that Sinatra's README does mention this:

To improve security, the session data in the cookie is signed with a session secret. A random secret is generated for you by Sinatra. However, since this secret will change with every start of your application, you might want to set the secret yourself, so all your application instances share it:

set :session_secret, 'super secret'

XQY answered Oct 22 '22 16:10
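
The README passage quoted in the answer above, as an added example (not Sinatra's or Rack's own code): a simplified model of a signed session cookie, showing that a cookie issued under one secret reads back as an empty session under another, which the application sees as a "cleared" session. The names SignedSession and session_seen_by, the "payload--hmac" layout, and the 32-byte minimum secret length are assumptions of this example.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Simplified model of a signed session cookie ("payload--hmac").
# SignedSession is a hypothetical class, not Rack's or Sinatra's code.
class SignedSession
  def initialize(secret)
    raise ArgumentError, 'session secret too short' if secret.to_s.bytesize < 32
    @secret = secret
  end

  # Serialize the session hash and append an HMAC-SHA256 over the payload.
  def encode(session)
    payload = [JSON.generate(session)].pack('m0') # strict Base64
    "#{payload}--#{sign(payload)}"
  end

  # Return the session hash, or {} when the signature does not verify.
  # To the application, {} looks exactly like a "cleared" session.
  def decode(cookie)
    payload, mac = cookie.to_s.split('--', 2)
    return {} unless payload && mac && same?(mac, sign(payload))
    JSON.parse(payload.unpack1('m0'))
  rescue ArgumentError, JSON::ParserError
    {}
  end

  private

  def sign(payload)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @secret, payload)
  end

  # Constant-time comparison so the check does not leak where the MACs differ.
  def same?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo: a cookie issued by one instance, read back by another.
def session_seen_by(issuer_secret, reader_secret, session = { 'loggedInUser' => 'alice' })
  cookie = SignedSession.new(issuer_secret).encode(session)
  SignedSession.new(reader_secret).decode(cookie)
end

shared = SecureRandom.hex(32) # stands in for a secret loaded from the environment
puts session_seen_by(shared, shared).inspect               # session survives
puts session_seen_by(SecureRandom.hex(32), shared).inspect # secret differs: empty session
```

A short literal such as 'secret' is rejected by the length check here; a value generated once with SecureRandom.hex(32) and supplied to every instance through configuration satisfies it.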