TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Clarify session management middleware sections

Browse Source 
Addresses some comments in original PR for docs on using session management middleware in API apps
This commit is contained in:
Joe Marty 2019-12-26 09:25:47 -06:00 committed by GitHub
parent 19ea91837f
commit 3376ab8055
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
guides/source/api_app.md
View File

@ -333,25 +333,24 @@ will be:
```
### Using Session Middlewares
The following middlewares are (by default) included for session management. If one of your API clients is a browser, you might want to add one of these back in:
The following middlewares, used for session management, are excluded from API apps since they normally don't need sessions. If one of your API clients is a browser, you might want to add one of these back in:
- `ActionDispatch::Session::CacheStore`
- `ActionDispatch::Session::CookieStore`
- `ActionDispatch::Session::MemCacheStore`
The trick to adding these back in is that, by default, they are passed `session_options`
when added (including the session key), so you can't just add a `session_store.rb` initializer, add
`use ActionDispatch::Session::CookieStore` and have sessions functioning as normal.
`use ActionDispatch::Session::CookieStore` and have sessions functioning as usual. (To be clear: sessions
may work, but your session options will be ignored - i.e the session key will default to `_session_id`)
To be clear: sessions may work, but your session options will be ignored (i.e the session key will default
to `_session_id`). Instead of the initializer, you'll have to set the relevant options somewhere
before your middleware is built (like `application.rb`) and pass them to your prefered middleware,
like this:
Instead of the initializer, you'll have to set the relevant options somewhere before your middleware is
built (like `application.rb`) and pass them to your prefered middleware, like this:
**application.rb:**
```ruby
config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies # Required for all session management
config.middleware.use ActionDispatch::Session::CookieStore, config.session_options
config.session_store :cookie_store, key: '_interslice_session' # <-- this also configures session_options for use below
config.middleware.use ActionDispatch::Cookies # Required for all session management (regardless of session_store)
config.middleware.use config.session_store, config.session_options
```
### Other Middleware