Deploying my rails app logs out all of my users

Question

I'm using digital ocean's app platform to deploy my rails app. The deploy is triggered when I push to Github. I use the Sorcery gem for authentication, and the default session cookie config. Since modern rails seems to reset the session cookie on every single request, the first request post deploy doesn't look any different from the browser (encrypted "s" cookie is sent, and a new one set in the response). I'm guessing post deploy it's running in a new docker container, and for some reason can't decrypt the old cookie, but no errors or warnings are logged to the server. I'm hoping someone has seen this before and can recommend a fix or debugging strategy.

My expectation is that when the new code begins running, the app will have everything it needs to decrypt cookies written by the previous code, allowing users to stay logged in post deploy.

It's a new app that's still pretty simple. Using ruby 3.1.3p185 and Rails 7.0.4.3.

Answer 1

I've experienced this same problem on Digital Ocean's App Platform.

The cause of the problem is simple but unexpected:

• My secret_key_base is specified inside my credentials file, but the App Platform ignores this and sets a new secret_key_base in the Environment after each deploy. Rails tries to get the value for secret_key_base from ENV["SECRET_KEY_BASE"], then credentials.secret_key_base, and finally secrets.secret_key_base. Because Digital Ocean's App Platform is setting a new random SECRET_KEY_BASE in the environment, the cookies are all being reset and the sessions dropped after each deploy.

The solution for the problem is also simple:

• Set the secret_key_base in the environment variables section of the App Platform

I've submitted a ticket to Digital Ocean about this behavior, they really should look at the credentials file or just not reset the SECRET_KEY_BASE after each deploy imho.

Answer 2

A way to circonvolute the problem is to use redis to store cokies . Does this can help you ?