Sinatra not persisting session with redirect on Chrome
Asked Answered
E

4

11

Sinatra is not persisting my session with a redirect on Chrome. It is creating an entirely new session and i'm losing all my previous session data.

As an example (similar to the Sinatra docs), i'm doing something like this:

enable :sessions

get '/foo' do
  session[:user_id] = 123
  session[:session_id] # "ABC", for example

  redirect to('/bar')
end

get '/bar' do
  # this is "DEF" when responding to Chrome (wrong), 
  # but "ABC" when responding to Firefox or Safari (right)
  session[:session_id]

  # this is nil when responding to Chrome (wrong),
  # but 123 when responding to Firefox or Safari (right)
  session[:user_id]
end

I'm thinking this has something to do with how the different browsers respond to handling the session after a redirect response. Has anyone seen something similar to this, or have any ideas on how to resolve this while still using sessions?

Thanks in advance!

Emancipation answered 16/8, 2012 at 15:50 Comment(6)
Default session handling in sinatra is done with cookies, so I'd guess this has something to do with how chrome handles (or refuses to handle) Set-Cookie requests on redirects. Not sure how you can deal with that, but a simple way around the whole problem would be to use db based sessions, or in memory sessions with redis or something similar.Apanage
What is your environment? I just resolved an issue involving session storage vanishing that could be of interest, but that depends on where/how this is happening to you.Calefaction
I was having the same issue, using staging as the environment.Claudetta
chrome version? I can't replicate in 20.0.1132.57Denounce
Chrome does for sure follow the standard of setting cookies, even on a redirection. I'd look else where for a cause.Ecclesiolatry
what do you find in env['rack.session'] ?Consulate
A
2

Add this to your main app file: use Rack::Session::Cookie, :key => 'rack.session', :path => '/', :secret => 'some-random-string'

With that added, you should be able to assign session['whatever'] and have it work as expected.

Agatha answered 8/5, 2015 at 21:31 Comment(1)
Can anyone explain why this should fix the issue? Reading the Sinatra documentation it says that this can be used to add additional parameters for sessions, but I'm not sure what it does that enable :sessions doesn't?Racine
L
1

By doing enable :sessions you just get access to session per request. Sinatra has no way to keep the reference to the previous call (your redirect) as it is treated as another request.

Thus, long story short:

set :session_secret, "SecureRandom.new(10) generated thing" enable :sessions

always use enable :sessions with a secret, otherwise your session is recreated every time rack sees a request.

Luminal answered 26/9, 2017 at 3:46 Comment(0)
S
0

Please try to disable all custom cookie managament extensions is Chrome if any. After that check headers in Developer toolsNetwork. Should see 'Cookie:' field.

Sowens answered 17/11, 2012 at 16:7 Comment(0)
I
0

I think that just because you didn't set :session_secret, refer to my answer on here

Industrial answered 26/8, 2016 at 7:57 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.