2

I've been struggling with this for a while now and just can’t figure out why this is not working. I use Firefox/Firebug to see the session cookie being created in Development mode but when I run locally in Production the session cookie is not created. This, of course, causes all sorts of grief when the CSRF token is not in the session cookie and an exception is thrown.

The obvious place to look is in production.rb vs development.rb, as all the rest of the code is the same; however, I can't see anything wrong there, and I compared both files to a (test) newly created Rails app.

Config Info:

  • session_store => cookie_store (rails default)
  • protect_from_forgery with: :exception (application_controller)

Any thoughts are appreciated. Thanks, Art

Art
Look into it: http://stackoverflow.com/questions/7187447/configure-session-store-rb-to-handle-staging-and-production – Arvind Aug 24 '15 at 14:18

2 Answers

3

When I recently encountered the same situation, it turned out to be a problem with a misconfigured session cookie domain.

Look into the HTTP headers your application sends with the responses. I guess the Set-Cookie header is sent for the session cookie as expected, but the browser refuses to save the cookie because the domain specified in the header doesn't match the actual production domain your application is running on.

To fix this, fix the domain setting in the session store configuration.

igneus
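The check a browser applies to the Domain attribute, as an added Ruby example (not part of the answer above): it parses a Set-Cookie header and applies the RFC 6265 domain-match rule to the host the request was made to. The cookie name, header value and host names are constructed samples; public-suffix rejection is not modelled.

```ruby
# Added example: would a browser store this Set-Cookie for this request host?
# Covers only the Domain handling of RFC 6265 (sections 5.1.3 and 5.3).

# Pull the Domain attribute out of a Set-Cookie header value (nil if absent).
def cookie_domain(set_cookie)
  set_cookie.split(";").drop(1).each do |attr|
    name, value = attr.strip.split("=", 2)
    next unless name && name.casecmp?("domain")
    return nil if value.nil? || value.strip.empty?
    return value.strip.downcase.sub(/\A\./, "") # a leading dot is ignored
  end
  nil
end

# IPv4 dotted quad or anything containing ":" (IPv6) is treated as an IP literal.
def ip_literal?(host)
  host.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/) || host.include?(":")
end

# Section 5.1.3: host equals the domain, or ends with "." + domain and is a
# host name rather than an IP address.
def domain_match?(host, domain)
  host = host.downcase
  return true if host == domain
  host.end_with?(".#{domain}") && !ip_literal?(host)
end

# Returns [stored?, reason] for a response received from request_host.
def browser_stores?(set_cookie, request_host)
  domain = cookie_domain(set_cookie)
  return [true, "host-only cookie for #{request_host}"] if domain.nil?
  if domain_match?(request_host, domain)
    [true, "Domain=#{domain} matches #{request_host}"]
  else
    [false, "Domain=#{domain} does not match #{request_host}; cookie dropped"]
  end
end

# Constructed sample header, as it might appear in the response headers.
HEADER = "_myapp_session=abc123; domain=.example.com; path=/; HttpOnly"

%w[www.example.com example.com localhost 127.0.0.1].each do |host|
  stored, reason = browser_stores?(HEADER, host)
  puts format("%-16s %-8s %s", host, stored ? "stored" : "REJECTED", reason)
end
```

A header with no Domain attribute produces a host-only cookie, which is accepted on whatever host served it, including localhost.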
0

Nope, neither of these were the problem. It was using Rack::Cached. I didn't have time to track down the why of it, just that removing it from my build stopped the problem without having to do anything else. Wish I'd had time to track this down further to help you all out.

Art