stackoom
  简体   繁体   中英

Adding cookie session store back to Rails API app

 原文  2013-03-11 15:41:35       ruby-on-rails

Question

I have a Rails-API app. More or less "out of the box" but I want to add back cookie-based session store. Here is what I've done:

app/controllers/application_controller.rb

+ include ::ActionController::Cookies

config/application.rb

+ config.middleware.insert_after ActiveRecord::QueryCache, ActionDispatch::Cookies
+ config.middleware.insert_after ActionDispatch::Cookies, ActionDispatch::Session::CookieStore

created config/initializers/secret_token.rb

+ Namespace::Application.config.secret_token = 'token'

created config/initializers/session_store.rb

+ Namespace::Application.config.session_store :cookie_store, :key => '_namespace_key'

When I inspect the session in a controller it results:

<Rack::Session::Abstract::SessionHash:0x3fdadc5daa24 not yet loaded>

However it does appear that data is being written to and used.

But, in my browser the cookie itself is being named as '_session_id' instead of '_namespace_key'

I thought I added back every piece required for cookie based session storage, but I appear to be missing something else. Any ideas?

5 answers

solution1
 45  2016-05-10 13:36:49

If you're on Rails 5, and want to preserve config.api_only = true you could extend the middleware to add the sessions layer, adding this code after class Application < Rails::Application in config/application.rb

config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore, key: '_namespace_key'

This could come in handy when you want to have a rails api-only enabled app but have to manage user sessions with an administration panel like ActiveAdmin or Rails_Admin.

solution2
 10 ACCPTED  2013-03-12 14:04:09

You need to remove these middleware declarations from your application.rb file and add this:

config.api_only = false

This will enable session management the way you want if there is a configured session_store somewhere in your initialisers (which you have). This isn't clearly documented, but that's what you're supposed to do .

Example here .

solution3
 8  2015-04-13 16:59:38

This line is ignored because you are not using the full Rails stack:

::Rails.application.config.session_store :cookie_store,
  :key => '_namespace_key'

So instead, your session is using the default session key set here . However, you can pass these arguments directly by replacing:

config.middleware.insert_after 
  ActionDispatch::Cookies, ActionDispatch::Session::CookieStore

with:

config.middleware.insert_after
  ActionDispatch::Cookies, ActionDispatch::Session::CookieStore,
  :key => '_namespace_key'

Here's a full list of options you can pass (with a rough idea of their defaults, since some may be overridden by modules in Rails).

solution4
 6  2020-04-15 21:25:30

This worked for me in Rails 6.0, application.rb :

config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore
config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore)

If you want to set custom key (yes, it has to be set twice):

config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore, key: '_your_app'
config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, key: '_your_app')

And lastly, if you want to add expiration date - it's done here:

config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore, key: '_your_app', expire_after: 20.years 
config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, key: '_your_app')

Would have loved linking to documentation, but there's none.

solution5
 1  2022-12-08 15:06:57

This thread worked the magic for me. I was on Rails "7.0.4" and Ruby "3.1.2"

config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies
config.middleware.use config.session_store, config.session_options

Below is the User.rb

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :jwt_authenticatable, :registerable,
  :recoverable, :rememberable, :validatable, :confirmable, :lockable, 
  :timeoutable, :trackable, jwt_revocation_strategy: JwtDenylist
end

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Adding sessions and session_store back into a Rails 5 API (sessions not persisting) How to find a session record in the database using the cookie value in an Rails app using activerecord activerecord-session_store rails session store sets cookie with wrong domain Disabling :cookie_only in the session store in Rails 3? How to store the flash in a different cookie to the Rails session? Rails 7 API only app requiring session store with Devise Is possible to secure a Rails API using session cookie In Rails, with cookie-based session store, are session and cookies the same thing Adding back in ActiveRecord to Rails App rails Session :cookie_store set expiration per basis
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM