Skye Weir-Mathews
2010-Jun-08 21:51 UTC
session_options[:secure] resets session_id on every request
I''m working on an ecommerce site (in Rails 2.3) and I added: ActionController::Base.session_options[:secure] = true to ~/config/environments/production.rb Now, every time I add something to my shopping cart and navigate away I get a new session_id (which essentially empties my shopping cart). How can I get the continuity of my sessions back, while still having the session_id get set over a secure connection? I''ve attached my ~/config/environment.rb and here is my ~/config/environments/production.rb # Settings specified here will take precedence over those in config/environment.rb # The production environment is meant for finished, "live" apps. # Code is not reloaded between requests config.cache_classes = true # Use a different logger for distributed setups # config.logger = SyslogLogger.new # Full error reports are disabled and caching is turned on config.action_controller.consider_all_requests_local = false config.action_controller.perform_caching = true # Enable serving of images, stylesheets, and javascripts from an asset server # config.action_controller.asset_host "http://assets.example.com" # Disable delivery errors if you bad email addresses should just be ignored # config.action_mailer.raise_delivery_errors = false config.action_mailer.smtp_settings = { :address => "192.168.248.6", :port => 25, :domain => "babeland.com" } # Turn these on and comment out the above config options for development [THIS IS AN UGLY HACK] # config.cache_classes = false # config.action_controller.perform_caching = false # config.action_view.cache_template_extensions = false config.log_level = :debug # encypt session_id cookies # I''m only doing this in production mode because I don''t run SSL on my dev machine. # If this were system wide, I could never set the session_id cookie with my development machine ActionController::Base.session_options[:secure] = true Attachments: http://www.ruby-forum.com/attachment/4786/environment.rb -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Noha MS
2012-Oct-17 22:48 UTC
Re: session_options[:secure] resets session_id on every request
Hi I''m having the same issue but this is causing an InvalidAuthenticityToken exception to be thrown. Were you able to fix this issue? Thanks! -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Possibly Parallel Threads
- config.cache_classes true or false in test environment?
- [PATCH] remove rails2.3 deprecated config.action_view.cache_template_extensions
- ActionView::Template::Error Not a directory vendor/assets/javascripts/ production
- session_options/session
- my webpage does not send emails confimation/notification