Rails and Merb session key and secret

Hi,

I have two apps, one in Rails, and one in Merb. Both use cookie based
session store, and are in the same domain. I set the session key and
secret to be exactly the same in both apps, but they don’t seem to get
the session data of each other.

When I try to print the cookies in each of them, I see that in the
cookies hash the value to the session key are different, for example:

one can be:

{"_portal_session"=>“BAh7CDDOh5IYXNoV2l0aEluZGNjZXNzewgiC2FjdGlvbiIJc2hvdyIHaWQiEGZvb2JhcmNsb3duIg9jb250cm9sbGVyIgp1c2VyczoQX2NzcmoNbG9jYXRpb25ZfdG9rZW4iMVRTeDVtNnZ0bXJIUHFxd3ZzZG4vc1V0VGRJTGFYMEIxTGhieTBlmZmVyZW50QWDMjRQV1U9Og9zZXNzaW9uX2lkIiUxYTc2OWY0OWQ5OWFmNDJmYTRlMTkxNzRjYjNhNzgxYQ==–5bddbee8dffa3a496426dba8e77cd46279d75726”,
“_chartbeat”=>“ev0903n9acks6ac4”, “logged-in-username”=>""}

while the other have the same key “_portal_session” with a completely
different value.

And I suspect this is the cause for not being able to share session
between the two. Is there a way to solve this problem?

Thanks.

On Jan 31, 9:51 pm, NY [email protected] wrote:

Hi,

I have two apps, one in Rails, and one in Merb. Both use cookie based
session store, and are in the same domain. I set the session key and
secret to be exactly the same in both apps, but they don’t seem to get
the session data of each other.

In the same domain (ie rails.example.com & merb.example.com) or
actually using the same hostname. If the former then you need to set
the session domain to be a common suffix of the two (ie example.com)
in this example.

Fred

Although in the future they will probably be in two different sub
domains, currently I’m experimenting both under localhost, with
different ports.

And another interesting problem is that, though the two apps are not
reading each others’ session data, setting the session key and secret
to be the same affects both. For example, after logging into the Rails
app, go to the Merb one and log in, and go back to the Rails one and
it’s no logger logged in (same for the other direction). It appears to
be that both apps try to overwrite the session, but may not
necessarily be the case.

Any ideas?

On Feb 1, 12:18 am, Frederick C. [email protected]

On Feb 2, 12:55 am, NY [email protected] wrote:

necessarily be the case.

Do Rails/Merb even store session data in the same way ?

Fred

After looking at Rails and Merb’s source code, I almost sure they
store session data in the same way (but not verified with any official
source).

One important thing I might forget to mention is that the session data
in the two apps are not exactly the same. Something stores in the
session of one may not be in the session of the other. Will this cause
the failure of sharing session between the two, assuming they store
sessions in the same way?

On Feb 2, 12:34 am, Frederick C. [email protected]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs