Session Not Persisting Across Controller Actions in Rails API
Hello everyone,
I'm facing an issue with session persistence in my Rails API application. I've set up a session in one controller action (`nonce`), but when I try to access it in another action (`verify`), it seems to be missing.
- Controller
```ruby
class UsersController < ApplicationController
  before_action :log_response_headers

  def log_response_headers
    Rails.logger.info("Response Headers: #{response.headers}")
  end

  def nonce
    nonce = SecureRandom.hex(16)
    session[:nonce] = nonce
    render json: { nonce: nonce }
  end

  def verify
    nonce = session[:nonce]
    # ... rest of the code ...
  end
end
```
- Application Configuration
```ruby
module HueBackend
  class Application < Rails::Application
    config.session_store :cookie_store, key: '_hue_session'
    config.session_options = {
      httponly: true,
      same_site: "None",
      secure: false
    }
    # ... rest of the configuration ...
    Rails.application.config.middleware.insert_before ActiveRecord::Migration::CheckPending, ActionDispatch::Cookies
    Rails.application.config.middleware.insert_before ActionDispatch::Cookies, Rails.application.config.session_store, Rails.application.config.session_options
  end
end
```
- CORS configuration
```ruby
Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins 'localhost:5173'
    resource '/api/*',
      headers: :any,
      methods: [:get, :post, :put, :patch, :delete, :options, :head],
      credentials: true
  end
end
```
- Front-End fetch call
```javascript
const response = await fetch('api/nonce', {
  credentials: "include"
});
```
Checks Performed:
- Verified that `credentials: "include"` is set in frontend fetch calls.
- Checked the order of middlewares to ensure `ActionDispatch::Cookies` and the session store are loaded correctly.
- Inspected response headers for the `Set-Cookie` header after making a request to the `nonce` endpoint.
- Ensured the browser isn't blocking third-party cookies.
- Checked server logs for any warnings or errors related to the session or cookies.
Despite these checks, the session doesn't seem to persist across controller actions. Any insights or suggestions would be greatly appreciated!
I can share the GitHub too if needed. Been having a headache on this for the past days...
Thank you!
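A diagnostic sketch for the cookie settings shown in the post above, added here as an example and not part of the original post: it audits a `Set-Cookie` header value for attribute combinations that decide whether a browser stores the session cookie, including `SameSite=None` without `Secure`, which browsers following the RFC 6265bis draft reject. The method names and sample header values are constructed for illustration; only the `_hue_session` cookie name comes from the post.

```ruby
# Added example (not the poster's code): audit a Set-Cookie header value.

# Split one Set-Cookie value into cookie name, value, and an attribute hash.
# Attribute names are case-insensitive, so keys are lowercased.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip)
  name, value = pair.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, acc|
    key, val = attr.split('=', 2)
    acc[key.downcase] = val.nil? ? true : val.strip
  end
  { name: name, value: value, attributes: attributes }
end

# Return a list of findings (symbols) for one Set-Cookie header value.
def audit_set_cookie(header)
  attrs = parse_set_cookie(header)[:attributes]
  same_site = attrs['samesite'].to_s.downcase
  findings = []

  # SameSite=None is only honoured together with Secure; without it the
  # browser discards the cookie and the next request arrives sessionless.
  findings << :samesite_none_without_secure if same_site == 'none' && !attrs['secure']

  # An absent or unrecognised SameSite value falls back to browser defaults.
  findings << :samesite_missing_or_invalid unless %w[strict lax none].include?(same_site)

  # Session cookies should not be readable from page scripts.
  findings << :missing_httponly unless attrs['httponly']

  findings
end

# Constructed sample headers: the first mirrors the posted session options
# (httponly: true, same_site: "None", secure: false); the second adds Secure.
POSTED_STYLE = '_hue_session=abc123; path=/; HttpOnly; SameSite=None'
WITH_SECURE  = '_hue_session=abc123; path=/; HttpOnly; SameSite=None; Secure'

if __FILE__ == $PROGRAM_NAME
  [POSTED_STYLE, WITH_SECURE].each do |header|
    puts "#{header}\n  findings: #{audit_set_cookie(header).inspect}"
  end
end
```

Paste the `Set-Cookie` value from the logged response headers or the browser's network tab into `audit_set_cookie` to check what the server is actually emitting.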