storing session in rails api application

Question

I have a rails api only application [config.api_only = true] in which I enable the cookies through these following lines:

in application.rb:

config.middleware.insert_after ActionDispatch::ParamsParser, ActionDispatch::Cookies
config.middleware.insert_after ActionDispatch::ParamsParser, ActionDispatch::Session::CookieStore

in application_controller.rb

include ActionController::Helpers
include ActionController::Cookies

I also added secret_token.rb as follows:

Rails.application.config.secret_token = 'token'

in my controller, I am trying to store the session like this:

def index
    #other codes
    session[:userid] = useridstring
    render :text => session[:userid]
end

Note: however, after executing this in chrome, I am examining the cookie and none is set...

then in the same controller, but in another action, I am trying to read the session like this:

def readsession
    userId = session[:userid]
    render :text => userId
end

and nothing is rendered.. :(

Is there anything I missed?

I tried following the answer here which suggest that I set config.api_only = false, however the result is the same (I have no cookie set, and when read in another controller, session is still empty

Sorry that it is such a basic question (or initial configuration matter), I am still very new in ruby and rails..

Answer 1

Since an API is always client independent, so it's best to use a token for authentication.

Here's how:

1. Add a column called token in users table.
2. A user comes and logs in.
3. As he logs in, a token(a string of random characters) is generated, and saved in the database.
4. The string is passed along as well, and any subsequent request will come with that token.
5. Since each request comes with a token, you can check the token for its database existence, and association with the right user.
6. As a user logs out, delete the token from the database.