Awesome
PlugRailsCookieSessionStore
Rails compatible Plug session store.
This allows you to share session information between Rails and a Plug-based framework like Phoenix.
Version Information
Version 2.0 and higher require OTP 22 or higher.
Installation
Add PlugRailsCookieSessionStore as a dependency to your mix.exs
file:
def deps do
[{:plug_rails_cookie_session_store, "~> 2.0"}]
end
How to use with Phoenix
Copy/share the encryption information from Rails to Phoenix.
There are 4 things to copy:
- secret_key_base
- signing_salt
- encryption_salt
- session_key
Since Rails 5.2, secret_key_base
in test and development is derived as a MD5 hash of the application's name. To fetch key value you can run:
Rails.application.secret_key_base
https://www.rubydoc.info/github/rails/rails/Rails%2FApplication:secret_key_base
The secret_key_base
should be copied to Phoenix's config.exs
file. There should already be a key named like that and you should override it.
The other three values can be found somewhere in the initializers directory of your Rails project. Some people don't set the signing_salt
and encryption_salt
. If you don't find them, set them like so:
Rails.application.config.session_store :cookie_store, key: '_SOMETHING_HERE_session'
Rails.application.config.action_dispatch.encrypted_cookie_salt = 'encryption salt'
Rails.application.config.action_dispatch.encrypted_signed_cookie_salt = 'signing salt'
Configure the Cookie Store in Phoenix.
Edit the endpoint.ex
file and add the following:
# ...
plug Plug.Session,
store: PlugRailsCookieSessionStore,
key: "_SOMETHING_HERE_session",
domain: '.myapp.com',
secure: true,
signing_with_salt: true,
signing_salt: "signing salt",
encrypt: true,
encryption_salt: "encryption salt",
key_iterations: 1000,
key_length: 64,
key_digest: :sha,
serializer: Poison # see serializer details below
end
Set up a serializer
Plug & Rails must use the same strategy for serializing cookie data.
-
JSON: Since 4.1, Rails defaults to serializing cookie data with JSON. Support this strategy by getting a JSON serializer and passing it to
Plug.Session
. For example, addPoison
to your dependencies, then:plug Plug.Session, store: PlugRailsCookieSessionStore, # ... see encryption config above serializer: Poison end
You can confirm that your app uses JSON by searching for
Rails.application.config.action_dispatch.cookies_serializer = :json
in an initializer.
-
Marshal: Previous to 4.1, Rails defaulted to Ruby's
Marshal
library for serializing cookie data. You can deserialize this by addingExMarshal
to your project and defining a serializer module:defmodule RailsMarshalSessionSerializer do @moduledoc """ Share a session with a Rails app using Ruby's Marshal format. """ def encode(value) do {:ok, ExMarshal.encode(value)} end def decode(value) do {:ok, ExMarshal.decode(value)} end end
Then, pass that module as a serializer to
Plug.Session
:plug Plug.Session, store: PlugRailsCookieSessionStore, # ... see encryption config above serializer: RailsMarshalSessionSerializer end
-
Rails 3.2: Rails 3.2 uses unsalted signing, to make Phoenix share session with Rails 3.2 project you need to set up
ExMarshal
mentioned above, with following configuration in yourPlug.Session
:plug Plug.Session, store: PlugRailsCookieSessionStore, # ... see encryption/ExMarshal config above signing_with_salt: false, end
That's it!
To test it, set a session value in your Rails application:
session[:foo] = 'bar'
And print it on Phoenix in whatever Controller you want:
Logger.debug get_session(conn, "foo")