I have a Rails app that has been running for a while now, and I decided to implement SSL on it since it deals with company-sensitive data. So, I purchased the SSL on Heroku, set up the DNS and updated environments\production.rb with this new line:

config.force_ssl = true 

This made my app route all my traffic to SSL. Later on, I found a problem that I had not foreseen - my app must use some iframes and they weren't showing because they were not on SSL.

So, I decided to roll back the SSL thing and think it through a little better. I removed that line and re-deployed my app. But there is an issue now. Everybody that was exposed to the SSL deploy now has a cookie that forces them to go to SSL regardless. Even with the new deploy removing that line, they are still forcing SSL unless they clear their cookies.

What can I do to fix this? Is there a way to force those cookies to expire or to force the app to send a "don't enforce SSL" cookie?

Luis Novo
  • Is it really the cookie or is it the browser that remembered to connect over SSL? Perhaps you can make a simple redirect (301) to send everything on port 443 to port 80? – Alex May 08 '15 at 19:27
  • Well. All I know is that deleting the cookies has solved the issue. – Luis Novo May 08 '15 at 19:55

0 Answers