1

I have a Padrino application. And I would like to share the session between instances (load balanced machines).

I set my own secret, but I don't know what else to set to make session sharing work. I see the domain in the cookie, which is the hostname of the machine. I tried to set it with

set :sessions, :domain => 'mydomain.org'

But it is not working. Is it even necessary? What do I have to set to share the session between application instances?

Thanks to all

Levi

2 Answers

0

One way is to put the cookie info into an environment variable that is run every time Sinatra runs a new instance of the app, e.g.

require 'securerandom'
require 'encrypted_cookie'

COOKIE_SETTINGS = {
  :path => "/",
  :expire_after => 86400 * 60, # In seconds, 60 days
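  # Every instance must receive the same SESSION_SECRET; the random fallback
  # is generated per process, so cookies will not verify across instances.
  :secret => ENV["SESSION_SECRET"] || SecureRandom.hex(64),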
  :httponly => true
}

configure do
  cookie_settings = COOKIE_SETTINGS
  cookie_settings.merge!( :secure => true ) if settings.production?
  use Rack::Session::EncryptedCookie, cookie_settings
end
ian
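
Added example (not part of the answer, and not Rack's or encrypted_cookie's own code): a simplified model of an HMAC-signed session cookie, showing that a cookie issued by one load-balanced instance is accepted by another only when both read the same `SESSION_SECRET`, and is rejected by an instance that fell back to a random secret. The `Instance` class, `secret_from`, `demo` and the secret value are constructed for illustration.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Simplified model of an HMAC-signed session cookie (constructed for this
# example; not the exact wire format of Rack's session middleware).
class Instance
  def initialize(secret)
    @secret = secret
  end

  # Serialize the session and append an HMAC-SHA256 tag over the payload.
  def issue(session)
    payload = [JSON.generate(session)].pack('m0')
    "#{payload}--#{tag(payload)}"
  end

  # Return the session hash, or nil when the tag does not verify.
  def read(cookie)
    payload, mac = cookie.to_s.split('--', 2)
    return nil unless mac && secure_equal?(mac, tag(payload))
    JSON.parse(payload.unpack1('m0'))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def tag(payload)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, payload)
  end

  # Constant-time comparison so the check does not leak where the tags differ.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Same fallback pattern as the settings above: random per process when unset.
def secret_from(env)
  env['SESSION_SECRET'] || SecureRandom.hex(64)
end

def demo
  env = { 'SESSION_SECRET' => 'constructed-demo-secret' } # constructed value
  a, b, c = Instance.new(secret_from(env)), Instance.new(secret_from(env)), Instance.new(secret_from({}))
  cookie = a.issue({ 'user_id' => 42 })
  { shared: b.read(cookie), fallback: c.read(cookie) }
end
```
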
0

Are you trying to share between two different applications? A little unclear with your question.

Sharing session between two entirely different applications is a security issue.

Here's a possible solution to what I think your problem may be.

  use Rack::Session::Cookie, :key => 'my_app_key',
                             :path => '/',
                             :expire_after => 14400, # In seconds
                             :secret => 'secret_stuff'

Do you see the difference from the above? No domain. If I let Rack::Session::Cookie specify the domain, or the browser (whoever does it), I have no errors between multiple Sinatra/Rack apps.

nolyoly