ankane / ahoy

Simple, powerful, first-party analytics for Rails
MIT License

httponly cookies issue / secure_headers gem #487

Closed followerstracker closed 3 years ago

followerstracker commented 3 years ago

Hi there,

We've hit an issue with Ahoy that took us a while to figure out and to find the root cause of. It may save some time for others who may hit the same issue.

The problem

Ahoy's cookie-based tracking does not work as intended and looks completely off. A lot of visits are being assigned to the very first visit, with some exceptions.

Investigation

It turns out that secure_headers marks all cookies as httponly. That breaks the ahoy.js functionality that parses cookies and sends their values with the request params.

Solution

The solution is to disable the secure_headers gem's functionality that marks all cookies as httponly and to explicitly tell Ahoy not to use httponly cookies. It might not be ideal, but it worked in our case.

# Stop secure_headers from applying its cookie defaults (HttpOnly etc.) to every cookie
SecureHeaders::Configuration.default do |config|
  config.cookies = SecureHeaders::OPT_OUT
end

# Let ahoy.js read the tracking cookies from document.cookie
Ahoy.cookie_options = { httponly: false }

@ankane thank you for an amazing gem and all the contributions to the Ruby community that you have made so far.
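As an added example (not code from the issue, ahoy or secure_headers), here is a small Ruby check that audits a response's Set-Cookie headers for cookies the browser script must read but that were flagged HttpOnly, which is exactly the misconfiguration described above. The cookie names ahoy_visit and ahoy_visitor and the sample headers are assumptions constructed for the example.

```ruby
# Added example: audit Set-Cookie headers for cookies that client-side
# JavaScript must read. A cookie flagged HttpOnly is invisible to
# document.cookie, so a script like ahoy.js can never read it back.

# Cookies the browser script needs to read (assumed names, not taken
# from the issue text).
JS_READABLE_COOKIES = %w[ahoy_visit ahoy_visitor].freeze

# Parse one Set-Cookie header value into its cookie name and the
# lowercased attribute names that follow it (e.g. "secure", "httponly").
def parse_set_cookie(header)
  name_value, *attrs = header.split(";").map(&:strip)
  name = name_value.split("=", 2).first
  attributes = attrs.map { |a| a.split("=", 2).first.downcase }
  { name: name, attributes: attributes }
end

# Return the names of cookies that JavaScript must read but that the
# server marked HttpOnly. An empty array means the setup is consistent.
def httponly_conflicts(set_cookie_headers, needed = JS_READABLE_COOKIES)
  set_cookie_headers
    .map { |h| parse_set_cookie(h) }
    .select { |c| needed.include?(c[:name]) && c[:attributes].include?("httponly") }
    .map { |c| c[:name] }
end

# Constructed sample headers: BEFORE_FIX mimics secure_headers flagging
# every cookie HttpOnly, AFTER_FIX the configuration from the issue.
# The session cookie stays HttpOnly in both, since only the cookies the
# script reads need the exception.
BEFORE_FIX = [
  "_app_session=abc123; path=/; secure; HttpOnly; SameSite=Lax",
  "ahoy_visitor=11111111-2222-3333-4444-555555555555; path=/; secure; HttpOnly",
  "ahoy_visit=66666666-7777-8888-9999-000000000000; path=/; secure; HttpOnly",
].freeze

AFTER_FIX = [
  "_app_session=abc123; path=/; secure; HttpOnly; SameSite=Lax",
  "ahoy_visitor=11111111-2222-3333-4444-555555555555; path=/; secure",
  "ahoy_visit=66666666-7777-8888-9999-000000000000; path=/; secure",
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "before: #{httponly_conflicts(BEFORE_FIX).inspect}"  # ["ahoy_visitor", "ahoy_visit"]
  puts "after:  #{httponly_conflicts(AFTER_FIX).inspect}"   # []
end
```

Run against the headers of a real response (for example from a Rack test) to confirm that only the cookies the script reads lost HttpOnly while the session cookie kept it.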