11

Sinatra is not persisting my session with a redirect on Chrome. It is creating an entirely new session and i'm losing all my previous session data.

As an example (similar to the Sinatra docs), i'm doing something like this:

enable :sessions

get '/foo' do
  session[:user_id] = 123
  session[:session_id] # "ABC", for example

  redirect to('/bar')
end

get '/bar' do
  # this is "DEF" when responding to Chrome (wrong), 
  # but "ABC" when responding to Firefox or Safari (right)
  session[:session_id]

  # this is nil when responding to Chrome (wrong),
  # but 123 when responding to Firefox or Safari (right)
  session[:user_id]
end

I'm thinking this has something to do with how the different browsers respond to handling the session after a redirect response. Has anyone seen something similar to this, or have any ideas on how to resolve this while still using sessions?

Thanks in advance!

Marty Cortez
  • 2,325
  • 1
  • 17
  • 22
  • 2
    Default session handling in sinatra is done with cookies, so I'd guess this has something to do with how chrome handles (or refuses to handle) Set-Cookie requests on redirects. Not sure how you can deal with that, but a simple way around the whole problem would be to use db based sessions, or in memory sessions with redis or something similar. – Jonah Aug 17 '12 at 03:55
  • What is your environment? I just resolved an issue involving session storage vanishing that could be of interest, but that depends on where/how this is happening to you. – Paul Hoffer Aug 19 '12 at 22:25
  • I was having the same issue, using staging as the environment. – Zee Spencer Aug 21 '12 at 23:22
  • chrome version? I can't replicate in `20.0.1132.57` – shime Oct 28 '12 at 13:20
  • Chrome does for sure follow the standard of setting cookies, even on a redirection. I'd look else where for a cause. – Michael Baldry Oct 29 '12 at 08:24
  • 1
    what do you find in `env['rack.session']` ? – ian Nov 11 '12 at 15:09

4 Answers4

2

Add this to your main app file: use Rack::Session::Cookie, :key => 'rack.session', :path => '/', :secret => 'some-random-string'

With that added, you should be able to assign session['whatever'] and have it work as expected.

Josh Hunter
  • 1,507
  • 1
  • 12
  • 15
  • Can anyone explain why this should fix the issue? Reading the Sinatra documentation it says that this can be used to add additional parameters for sessions, but I'm not sure what it does that enable :sessions doesn't? – Michael Feb 01 '16 at 19:08
1

By doing enable :sessions you just get access to session per request. Sinatra has no way to keep the reference to the previous call (your redirect) as it is treated as another request.

Thus, long story short:

set :session_secret, "SecureRandom.new(10) generated thing" enable :sessions

always use enable :sessions with a secret, otherwise your session is recreated every time rack sees a request.

Andrew Shatnyy
  • 1,528
  • 14
  • 19
0

Please try to disable all custom cookie managament extensions is Chrome if any. After that check headers in Developer toolsNetwork. Should see 'Cookie:' field.

sashaegorov
  • 1,821
  • 20
  • 26
0

I think that just because you didn't set :session_secret, refer to my answer on here

Community
  • 1
  • 1
XQY
  • 552
  • 4
  • 17