Rails sessions not saving

Question

I\'m in the process of upgrading a Rails app from Rails 2 directly to Rails 4. I\'m using the new /config/initializers/session_store.rb file, with CookieStore

Answer 1

I had a similar symptoms. It turns out it was because I added the rails-api gem and it totally broke session saving.

Answer 2

As a general answer a couple of possible problems are

• Session size over 4K limit (which is apparently the case).

  CookieOverflow is raised if you attempt to store more than 4K of data.

Please, bear in mind that if you store an object in session, the object is previously serialized before storing it and its size would be bigger. More info on the general problem and possible solutions for the specific problem, here.

• Problems with CSRF protection.

  If the security token doesn't match what was expected, the session will be reset

Edit: To check if it is a CSRF case, you can, as Abdo comments below, temporarily disable the protect_from_forgery line in ApplicationController

Answer 3

From: Railscasts Episode 415 Upgrading to Rails 4

There’s one more configuration change we need to make, in the secret token initializer. In Rails 4 the configuration option in this file has been renamed from secret_token to secret_key_base. We’ll need to specify both options while we’re transitioning from Rails 3 but once we’ve successfully migrated our application we can remove the secret_token option. It’s best to use a different token for our secret_key_base.

This is necessary because we’re moving from a serialized cookie stored on the client to an encrypted cookie. This prevents users from easily being able to see the contents of their session cookies.

The episode includes a very good series of tips regarding upgrading from 2 to 4 and I was able to do that successfully using this tutorial.