How To Persist Cookies


Kevin Pruett

Aug 11, 2014, 2:29:25 PM
to ruby-...@googlegroups.com
I'm struggling with persisting/accessing cookies from different endpoints. I have a Grape API + a Backbone.js front-end. I'm using NGINX to avoid CORS conflicts and proxy-passing API endpoints to http://api.domain.dev and front-end routes to http://domain.dev

Here is how Rack Cookie is set up:

use Rack::Session::Cookie, secret: rand.to_s, domain: '.domain.dev'

When I hit a route I can set the cookie, but on subsequent requests, those cookie values are lost.

Can someone help? Many thanks.

Kevin Pruett

Aug 11, 2014, 2:37:18 PM
to ruby-...@googlegroups.com
I should mention that I'm setting the cookie and immediately redirecting like so:

cookies[:gh_user] = {
  name:  auth.info.name,
  email: auth.info.email,
  uid:   auth.uid,
  token: auth.credentials.token
}

redirect "#{ENV['REGISTRATION_REDIRECT']}?message=successful%20authentication" if params['type'] == 'registration'

On the browser end, I see only a rack.session cookie being set. Pinging another route and trying to access the previously set cookie fails.

Daniel Doubrovkine

Aug 11, 2014, 4:08:07 PM
to ruby-...@googlegroups.com
Does anything change if you don't redirect but return a body? Could be a bug where we don't write out cookies on a redirect.





--

dB. | Moscow - Geneva - Seattle - New York
code.dblock.org - @dblockdotorg - artsy.net - github/dblock

Kevin Pruett

Aug 12, 2014, 10:09:30 AM
to ruby-...@googlegroups.com
Unfortunately no, it appears that the session is reset and cookies do not persist. This very well may be a symptom of my setup.  Do you have any examples of how a JS front-end communicates with a Grape API properly passing cookies? I'm using a combination of Rack::Cors and NGINX. Not sure if certain configuration is necessary.

Thanks

slowjack2k

Aug 13, 2014, 4:05:52 AM
to ruby-...@googlegroups.com
Grape Cookie != Rack::Session::Cookie

You're using a "custom" middleware to encrypt your cookie. If you want to use this cookie
you have to access

env["rack.session.unpacked_cookie_data"]

With Grape's cookie you access the cookie as plain data.

The next question is where do you use the `use` statement? `use` applies to the current namespace and all child
namespaces.

@Daniel, redirect isn't an issue. Within Endpoint#run the cookie is read and written. redirect does not bypass this cycle.

What can be an issue is

Rack::Utils.set_cookie_header! # Line cookies.rb#17

No parameter for Domain, Path, age is set.

@Kevin Try to access your cookie via env["rack.session.unpacked_cookie_data"] or try this issue https://github.com/intridea/grape/issues/715

regards
dieter

slowjack2k

Aug 13, 2014, 4:32:59 AM
to ruby-...@googlegroups.com
PS: It's not obvious but documented.

You have to set:


cookies[:gh_user] = {
 name:  auth.info.name,
 email: auth.info.email,
 uid:   auth.uid,
 token: auth.credentials.token,
 domain: '.domain.dev'
}


If you don't do it, your cookie from Grape is restricted to api.domain.dev

But keep in mind grape cookies are not encrypted or secured.
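
An added example, not part of the thread and not Grape or Rack code: since a plain Grape cookie carries no integrity protection, this sketch signs the value with HMAC-SHA256 and verifies it on read. It also shows that a secret generated at boot, like the `rand.to_s` in the first post, cannot verify a cookie issued by another process or before a restart. The helper names and the sample secret are assumptions.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Hypothetical helpers for illustration; not Grape or Rack API.

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Serialize the payload and append an HMAC-SHA256 tag: "<base64 json>.<hex mac>".
def sign_cookie(payload, secret)
  data = Base64.urlsafe_encode64(JSON.generate(payload))
  "#{data}.#{OpenSSL::HMAC.hexdigest('SHA256', secret, data)}"
end

# Return the payload hash, or nil if the value is malformed or the tag is wrong.
def verify_cookie(value, secret)
  data, _, mac = value.to_s.rpartition('.')
  return nil if data.empty?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, data)
  return nil unless secure_compare(mac, expected)
  JSON.parse(Base64.urlsafe_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

def demo
  stable = 'constructed-sample-secret-from-config' # constructed value
  # Signing is not encryption: keep the OAuth token server-side, not in here.
  cookie = sign_cookie({ 'uid' => '42', 'name' => 'Sample User' }, stable)
  forged = sign_cookie({ 'uid' => '1' }, 'guess').rpartition('.').first +
           '.' + cookie.rpartition('.').last
  {
    same_secret:   verify_cookie(cookie, stable),    # payload comes back
    per_boot_rand: verify_cookie(cookie, rand.to_s), # nil: other process or restart
    tampered:      verify_cookie(forged, stable)     # nil: tag does not match
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```
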

Kevin Pruett

Aug 13, 2014, 2:06:27 PM
to ruby-...@googlegroups.com
thanks for the reply @slowjack2k

do you recommend using `Rack::Session::Cookie` or `Grape Cookies`?

I'm receiving nil when checking for cookies
env["rack.session.unpacked_cookie_data"]#=>nil

Is there another preferred way of maintaining state? Is there anything else that I could be doing wrong that you know of?

slowjack2k

Aug 13, 2014, 3:33:30 PM
to ruby-...@googlegroups.com
Personally I don't maintain state within cookies at all. I use https://github.com/faber-lotto/grape_api_signature and sign every request.

env["rack.session.unpacked_cookie_data"]

is only used internally; the request object should have a session accessor.

I would suggest that you wait one or two days and track the named issue above within Grape.
Some discussions are going on. Maybe cookies & session will become a separate gem
https://github.com/faber-lotto/grape_session

Kevin Pruett

Aug 13, 2014, 4:44:51 PM
to ruby-...@googlegroups.com
thanks, these look great. really like the signed signature approach. didn't know about that

