search

railsware / rack_session_access

Rack middleware that provides access to rack.session environment
MIT License
257 stars 29 forks source link

session_store secure: true breaks this gem #34

Open chase439 opened 5 years ago

chase439 commented 5 years ago

When Rails application's Rails::Application.config.session_store :active_record_store, {key: '_some_key', secure: true", the set_rack_session and get_rack_session methods break as it seems like it can't read encrypted session data.

One solution is to condition it not to secure: true when Rails.env.test?

betelgeus13 commented 4 years ago

We have the same issue after adding SameSite='None' options to our cookies.

ayanko commented 4 years ago

Well, It's not gem issue. It's rather incorrect setup.

If you use SSL in test env then you should also configure capybara to visit your testing app server via https as well. If you don't use SSL then you should NOT set secure: true for test env.

That's all.

# * <tt>:secure</tt> - Whether this cookie is only transmitted to HTTPS servers.

https://github.com/rails/rails/blob/6-0-stable/actionpack/lib/action_dispatch/middleware/cookies.rb#L166