Rack Session Cookie and Sinatra - setting and accessing data


Solution 1

Here's what I did to fix this problem:

  use Rack::Session::Cookie, :key => 'my_app_key',
                             :path => '/',
                             :expire_after => 14400, # In seconds
                             :secret => 'secret_stuff'

Do you see the difference from the above? - No Domain, if I let Rack::Session::Cookie specify the domain or the browser (whoever does it), I have no errors between multiple Sinatra/Rack apps...

Solution 2

Problem is with the domain 'localhost'. This thread describes in more detail why having localhost as the domain wouldn't work: Cookies on localhost with explicit domain

A fix would be to set up a domain in your hosts file like

127.0.0.1    superduper.dev

Then set your domain in your sessions settings to superduper.dev. Then during development you can go to whatever port you might need. Ex. superduper.dev:5000
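Both solutions come down to the same rule: send a `Domain` attribute only when the app runs under a real hostname, and omit it otherwise. The following is an added example, not code from either answer, that builds the options hash for `Rack::Session::Cookie` on that rule. The helper names, the `APP_HOST` and `SESSION_SECRET` variable names, the 64-byte secret minimum and the extra `httponly`/`secure`/`same_site` settings are assumptions of the example.

```ruby
# Added example, not from the original answers. Standard library only.
require 'ipaddr'

MIN_SECRET_BYTES = 64 # assumed policy, not a value from the page

# True when the string parses as an IPv4 or IPv6 literal.
def ip_literal?(host)
  IPAddr.new(host)
  true
rescue IPAddr::Error
  false
end

# Value for :domain, or nil when the attribute should be left out so the
# browser stores a host-only cookie (what Solution 1 ends up with).
def cookie_domain_for(app_host)
  host = app_host.to_s.strip.downcase
  host = host.sub(/\A\[(.*)\](?::\d+)?\z/, '\1')           # "[::1]:9292" -> "::1"
  host = host.sub(/:\d+\z/, '') unless host.count(':') > 1 # "name:5000" -> "name"
  return nil if host.empty? || host == 'localhost'
  return nil unless host.include?('.') # single-label name (assumption: treat like localhost)
  return nil if ip_literal?(host)      # IP literal (assumption: treat like localhost)
  host
end

# Options hash for Rack::Session::Cookie. Rejects short secrets such as the
# placeholder strings used in the snippets on this page.
def session_cookie_options(app_host, secret, key:, https: false)
  if secret.to_s.bytesize < MIN_SECRET_BYTES
    raise ArgumentError, "session secret shorter than #{MIN_SECRET_BYTES} bytes"
  end
  opts = {
    key: key, # cookies are not isolated by port: use one distinct key per app
    path: '/',
    expire_after: 14_400, # seconds, as in the answers
    secret: secret,
    httponly: true,
    secure: https,
    same_site: :lax
  }
  domain = cookie_domain_for(app_host)
  opts[:domain] = domain if domain
  opts
end

# config.ru usage (APP_HOST and SESSION_SECRET are hypothetical variable names):
#   use Rack::Session::Cookie, session_cookie_options(
#     ENV['APP_HOST'], ENV.fetch('SESSION_SECRET'), key: 'my_app_key')
```

Because browsers do not separate cookies by port, two apps on the same host that share a `:key` overwrite each other's session cookie, so each app should pass its own key.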

Author by

nictrix

http://blog.nictrix.net https://www.linkedin.com/in/nickwillever/

Updated on June 07, 2022

Comments

  • nictrix
    nictrix almost 2 years

    I was using Rack Session Pool, however my users would get kicked off one webserver thread onto another making the session data expire. I started toying around with just enable :sessions in Sinatra, however I am unable to use that because I have multiple apps using Sinatra (same key it appears to be using - not sure if this is because it's the same host or not)

    So since my apps would break each other, I now am trying Rack Session Cookie and setting the variables (same thing as enable :sessions, but you can set the variables)

    Great, so that works! But now I cannot access the session data the way I was using it in Rack Session Pool and in enable :sessions

    session[:user] = nick
    puts session[:user]
    

    you get the idea...

    Question is why can I access session data with session[:user] in Pool and Sinatra enable :sessions, but not in Rack Session Cookie? Am I missing anything? All I am doing is below

    config.ru

      use Rack::Session::Cookie, :key => 'key',
                                 :domain => "localhost",
                                 :path => '/',
                                 :expire_after => 14400, # In seconds
                                 :secret => 'secret'
    

    EDIT:

    Did some more testing and found that it's actually putting it in the session variable, however as soon as it moves to a new method or redirection the session variable appears to be dropped (is this cookie really larger than 4KBs?!) - it can't be because enable :sessions works just fine

  • include
    include about 13 years
    Isn't this approach very insecure?
  • nictrix
    nictrix about 13 years
    If it's just a cookie with no actual authentication/authorization data in it then no, you're just setting sessions and putting some data in it
  • Lawrence I. Siden
    Lawrence I. Siden over 12 years
    I have the same problem and tried your solution verbatim. But now, no matter what I put into the session hash, before do; p session ; end shows only {"session_id"=>"b59..."}.
  • nictrix
    nictrix over 12 years
    That is strange, what version of sinatra and rack?