11

I am using the rails_api gem in my project. I want to add session management for authentication, but it seems the session does not work. Here is my configuration in config/initializer/session_store.rb:

Pmcapi::Application.config.session_store :cookie_store, {
  key: '_pmcapi_session',
  expire_after: 1.hour
}

I added config.api_only = false in application.rb (Adding cookie session store back to Rails API app)

and in my session_controller, I added session to store the token

# session_controller.rb
def create
  # just to generate a new token
  user.reset_sso_token!
  session[:token] ||= user.sso_token
  self.current_user = user
  redirect_to root_path
end

When in application_controller, I want to access session[:token] but the result is nil:

# application_controller.rb
def authenticate_user!
  #puts("User Authentication")
  #puts(request.authorization)
  #puts(request)
  @user = User.authenticate_with_token(session[:token])
  #head :unauthorized unless @user.present?
  redirect_to sign_in_path if @user.nil?
end
Ari Firmanto

3 Answers

2

From what I can see from your config.api_only = false line, this basically makes Rails use the full stack rather than keeping it slim, which is the main reason you could be using rails-api. So I suggest trying something like

config.middleware.use Rack::Session::Cookie

in your application controller.

If that doesn't work, I recommend drawing your attention to this pull request about session management in the Rails 4 stack.

Grant
  • I would take this a step further: `config.middleware.use ActionDispatch::Cookies; config.middleware.use ActionDispatch::Session::CookieStore`, and then of course, you'll have to configure both--let me know if you want an example of configuring them and I'll post it in a separate answer. If you do this, it will be easier to integrate `devise`. – Isaac Betesh Apr 13 '15 at 16:47
  • This saved me. But it only works in application.rb, not in application_controller, not as you say... thanks – Darlan Dieterich Feb 26 '19 at 19:07
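
Why `session[:token]` comes back nil when no session middleware sits in the stack, shown with a pure-Ruby stand-in for a signed cookie session store (an added example, not code from the question, the answers or Rails; it only signs, with no encryption). `ToyCookieSession`, `APP`, `token_after_sign_in`, the `toy.now` env key and the token value are hypothetical; the cookie key and one-hour expiry mirror the question's session_store.rb.

```ruby
require 'openssl'
require 'json'

# Toy stand-in for a cookie session middleware (hypothetical class, not Rails' own code).
class ToyCookieSession
  def initialize(app, key:, secret:, expire_after:)
    @app, @key, @secret, @ttl = app, key, secret, expire_after
  end

  # Rack-style call: load the session from the request cookie, run the app, write it back.
  def call(env)
    now = env.fetch('toy.now') { Time.now.to_i }
    env['rack.session'] = load_session(env['HTTP_COOKIE'].to_s, now)
    status, headers, body = @app.call(env)
    [status, headers.merge('Set-Cookie' => "#{@key}=#{dump_session(env['rack.session'], now)}"), body]
  end

  private
  def sign(data) = OpenSSL::HMAC.hexdigest('SHA256', @secret, data)

  def dump_session(session, now)
    data = [JSON.generate({ 'exp' => now + @ttl, 'data' => session })].pack('m0')
    "#{data}--#{sign(data)}"
  end

  # Returns {} for a missing, tampered or expired cookie; the MAC is checked before parsing.
  def load_session(cookie_header, now)
    value = cookie_header[/(?:\A|;\s*)#{Regexp.escape(@key)}=([^;]+)/, 1]
    data, mac = value.to_s.split('--', 2)
    return {} unless data && mac && OpenSSL.secure_compare(mac, sign(data))
    payload = JSON.parse(data.unpack1('m0'))
    payload['exp'] > now ? payload['data'] : {}
  end
end

# The question's two actions as one Rack-style app: /sign_in stores the token, other paths read it.
APP = lambda do |env|
  session = env['rack.session'] || {} # without the middleware nothing populates this key
  session['token'] ||= 'constructed-sso-token' if env['PATH_INFO'] == '/sign_in'
  [200, {}, [session['token'].to_s]]
end

# Signs in, then replays the returned cookie (optionally altered or later in time) on a second request.
def token_after_sign_in(stack, later: 0, tamper: false)
  _, headers, = stack.call({ 'PATH_INFO' => '/sign_in', 'toy.now' => 1_000 })
  cookie = headers['Set-Cookie'].to_s
  cookie = cookie.sub(/.\z/) { |c| c == '0' ? '1' : '0' } if tamper
  stack.call({ 'PATH_INFO' => '/', 'HTTP_COOKIE' => cookie, 'toy.now' => 1_000 + later }).last.first
end
```

Calling `token_after_sign_in(APP)` returns an empty string, while wrapping the app as `ToyCookieSession.new(APP, key: '_pmcapi_session', secret: 'constructed-secret', expire_after: 3600)` returns the stored token. With `tamper: true` or `later: 3601` the session is empty again.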
0

Pmcapi::Application.config.session_store :cookie_store, key: '_pmcapi_session', expire_after: 1.hour

Can you try this in config/initializer/session_store.rb?

Sanket
0

I always prefer to use well-supported and documented gems rather than write my own code. The reasons for this are:

  1. It saves you time
  2. It saves you money
  3. It is more maintainable
  4. Other coders who work on your projects will more likely be familiar with what you have implemented.
  5. It's more secure because (at least in my case) many more people with more experience than I have, have been working on it for a number of years.

With all of that out of the way, I would highly recommend you use Devise or one of the other well-established authentication gems rather than wrestle with this kind of thing on your own.

I found this article helpful

http://www.emilsoman.com/blog/2013/05/18/building-a-tested/

Tyrone Wilson