kroe761

Reputation: 3534

Rails not retaining session on second call when deployed to heroku

I have created a Rails app that I'm using as an API app (with an Angular front end). When I try to create a session on SessionsController#create, I am setting session[:user_id] and returning a user object. My front end app is successfully getting this object and redirecting the browser to #/dashboard. DashboardComponent has a guard that calls my SessionsController#logged_in, which checks for a session in my Rails app. When I'm running locally, this works with no issues. However, when deployed to Heroku, session[:user_id] is empty. I'm not sure what I'm doing wrong. I know it's not a CORS or a CSRF issue because my client app gets the user object (I am logging it to the console).

Here is my initializers/session_store.rb

if Rails.env == "production"
  Rails.application.config.session_store :cookie_store, key: "_myapp", domain: "api-app.herokuapp.com"
else
  Rails.application.config.session_store :cookie_store, key: "_myapp"
end

And just for fun, here's my initializers/cors.rb

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins "http://localhost:4200", "https://angular-app.herokuapp.com"
    resource "*", 
      headers: :any, 
      methods: [:get, :post, :put, :patch, :delete, :options, :head], 
      credentials: true
  end
end

SessionsController.rb

class SessionsController < ApplicationController
  include CurrentUserConcern

  def create
    user = User
             .find_by(email: params["email"])
             .try(:authenticate, params["password"])

    if user
      session[:user_id] = user.id
      render json: user, status: :created
    else
      head :unauthorized
    end
  end

  def logged_in
    if @current_user
      render json: @current_user, status: :ok
    else
      head :no_content
    end
  end

  def logout
    reset_session
    head :no_content
  end
end

current_user_concern.rb

module CurrentUserConcern
  extend ActiveSupport::Concern

  included do
    before_action :set_current_user, only: [:logged_in]
  end

  def set_current_user
    puts session[:user_id]
    if session[:user_id]
      @current_user = User.find(session[:user_id])
    end
  end
end

I can provide any other code that might help.

Upvotes: 0

Views: 381

Answers (1)

kroe761

Reputation: 3534

I was able to solve this issue with a custom domain name. I set my Angular app to use www.kroe761.com and my API to use api.kroe761.com. I then set my session_store to this:

Rails.application.config.session_store :cookie_store, key: "_myapp", domain: :all, tld_length: 2

So, clearly the issue had something to do with the domains of the client and api being different. I don't know how to configure everything under that scenario (if you do, please add an answer for my edification), but for now the issue is resolved.

Upvotes: 1
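The difference between the two setups can be modelled with the browser's same-site rules. The following is an added example, not code from the question or the answer; it assumes the browser treats the session cookie as SameSite=Lax, and the suffix list and all helper names are constructed for illustration.

```ruby
# Constructed subset of the Public Suffix List (PSL); the real list is far
# longer. herokuapp.com is a PSL entry, so each app under it is its own site.
PUBLIC_SUFFIXES = %w[com herokuapp.com].freeze

# Registrable domain ("site"): longest matching public suffix plus one label.
def registrable_domain(host)
  labels = host.downcase.split(".")
  (0...labels.length).each do |i|
    next unless PUBLIC_SUFFIXES.include?(labels[i..].join("."))
    return nil if i.zero? # the host is itself a public suffix
    return labels[(i - 1)..].join(".")
  end
  nil # no known suffix (e.g. "localhost")
end

# Two hosts are same-site when identical (ports are ignored) or when they
# share a registrable domain.
def same_site?(page_host, api_host)
  return true if page_host.casecmp?(api_host)
  site = registrable_domain(page_host)
  !site.nil? && site == registrable_domain(api_host)
end

# Would the browser attach the session cookie to a credentialed XHR from
# page_host to api_host? Simplified: SameSite=None is assumed to be sent
# with Secure over HTTPS, and third-party cookie blocking is ignored.
def cookie_sent_on_xhr?(page_host, api_host, same_site_attr)
  same_site?(page_host, api_host) || same_site_attr == :none
end

# Browsers reject a cookie whose Domain attribute is a public suffix, so a
# cookie cannot be shared across apps at ".herokuapp.com".
def domain_attribute_allowed?(domain)
  !PUBLIC_SUFFIXES.include?(domain.downcase.delete_prefix("."))
end

# Host pairs taken from the question and the answer.
[
  ["angular-app.herokuapp.com", "api-app.herokuapp.com"],
  ["www.kroe761.com", "api.kroe761.com"]
].each do |page, api|
  puts "#{page} -> #{api}: same-site=#{same_site?(page, api)}, " \
       "Lax cookie sent=#{cookie_sent_on_xhr?(page, api, :lax)}"
end
```

Under this model, the login response can succeed while the follow-up logged_in call arrives without the cookie on the herokuapp.com pair, and the custom-domain pair shares the site kroe761.com.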
