Rails session expires when app is closed in iOS Chrome and Safari

Question

Session doesn't get saved and expires when app or tab is closed using mobile Safari or Chrome. On the other hand, It works just fine on desktop browsers.

Below is the only session configuration.

config/initializers/session_store.rb

# Be sure to restart your server when you modify this file.

Rails.application.config.session_store :cookie_store, {
  key: '_myapp_session',
  domain: :all
}

• Ruby: v2.3.0
• Rails v4.2.8

Thank you for all your help.

Answer 1

Are you not using standalone applications (webapp, but with a home screen icon)? Standalone apps don't retain even persistent cookies, so anytime you close a standalone app, all session info is lost.

Also session cookies are not supposed to be persistent (should not have an expiry date, and by default they don't). A non-persistent cookie is supposed to be removed when the browser (or tab) is closed. So in fact iOS works correctly.

I think if you want to make it persistent, you can by adding expire_after: 14.days or similar. Be aware what this means though! It is considered a security risk, because such cookies will be written to disk, reopening a browser will grant access to an application if the user did not actually log out, etc.

Answer 2

A couple things to try:

• Check that you don't have "Private browsing mode" set on your mobile devices

• Make sure your key is something unique and isn't literally '_myapp_session'

• Make sure secret_token/secret_key_base (depending on rails version) is set to a unique value

• Experiment with specifying the exact domains you want instead of using :all (This is just something to test I don't know if mobile browsers would cause a poor interaction in this case.)