5

I am trying to add prefix to session cookies in rails 6.0.3 app but couldn't find a way to get it done. I have tried adding key to options hash in session store but it didn't help and breaks my application. I am using auth-logic gem for authentication, I find no way to get it done gracefully but hopping on that there is some way.

conf/initalizers/session_store.rb

opts = {}
if Rails.configuration.host == "myapplication.com"
  opts =  {expire_after: 2.months, domain: :all}
end

unless Rails.env.test?
  opts[:secure] = true
  opts[:same_site] = :none
end
opts[:key] = '__Host-'

Rails.application.config.session_store :active_record_store, **opts

Attached is the screenshot of github cookies. I want my session headers as like in the image (prefixed with __Host-).

enter image description here

Arsii Rasheed
  • 324
  • 1
  • 5
  • 18

1 Answers1

1

As per your link...

Cookies with the __Host- prefix must have a path of / (meaning any path at the host) and must not have a Domain attribute.

So I would presume you need to remove the domain attribute and add the path. e.g.

opts = {}
if Rails.configuration.host == "myapplication.com"
  opts =  {expire_after: 2.months}
end

unless Rails.env.test?
  opts[:secure] = true
  opts[:same_site] = :none
  opts[:path] = '/'
end
opts[:key] = '__Host-'

Rails.application.config.session_store :active_record_store, **opts
Fraser
  • 15,275
  • 8
  • 53
  • 104
  • I am getting `ActionController::InvalidAuthenticityToken: Can't verify CSRF token authenticity.` error with this solution – Guillaume Sep 20 '22 at 14:55
  • @Guillaume - you would need to raise your own question and provide the relevant information. The comments section isn't the place :) – Fraser Sep 20 '22 at 15:42