Cannot write session

[odarriba]

Using (at least) Phoenix 1.3, I cannot get the way to write into the session effectively.

At the moment I'm able to read the Rails session correctly, but nothing I write on the session is finally written in the cookie.

I've just put a test plug to print in console the content opf the session, and everything written in Rails appears, but not the things written in Phoenix. As expected, that avoids also the correct work of CSRF protection (as the key is stored in session).

Any ideas want can be happening?

My config:

  plug Plug.Session,
    store: PlugRailsCookieSessionStore,
    key: "_myapp_session",
    domain: '.acutario.dev',
    secure: true,
    signing_with_salt: true,
    signing_salt: "signing salt",
    encrypt: true,
    encryption_salt: "encryption salt",
    key_iterations: 1000,
    key_length: 64,
    key_digest: :sha,
    serializer: Poison

Thanks!

[johnknott]

I have the exact same issue. If and when I find a fix I'll post back ...

[thomasbrus]

@odarriba @johnknott I ran into the same issue and it has to do with how cookies work.

The solution is to set secure to false in your config or remove the key altogether (and rely on the default https://elixirforum.com/t/how-to-instruct-phoenix-to-set-secure-flag-https-only-on-session-cookie/14292/4)

The problem is that when Set-Cookie has the secure flag set to true, the browser will only update the cookie if the app is running on HTTPS. This is what happens with the above config. Since your app is probably not running on HTTPS in development mode, the cookie is not updated.

Rails already sets the secure flag depending on whether force_ssl is true, so Rails will write the cookie in development mode without problems.

I think it might be a good idea to update the README to leave out the secure: true key or at least explain the behaviour..