Sidekiq: Web UI changing session cookie.
Ruby version: 2.3.3
Sidekiq version(s): 5.2.1
Puma server: 3.12.0
I am using active_record session store with this configuration (config/initializers/session_store.rb):
Rails.application.config.session_store :active_record_store, key: '_my_key', :secure => Rails.env.production?, :httponly => true
My sidekiq web configuration looks like:
Sidekiq::Web.set :session_secret, Rails.application.secrets[:secret_token]
Sidekiq::Web.set :sessions, Rails.application.config.session_options
We were on rails 4.2.7 and everything was working ok but after update to now 5.2.1 we have issues with sidekiq web UI. Every time i go to /sidekiq it change cookie _my_key value. But it is laso very strange that when I start to type /s on first leter in logs I can see GET /sidekiq and updateing session with new _my_key value (before I press enter to load new page).
Because of this when I have Devise on this route it automatycaly logout user, and without devise I am geting Forbiden on post sidekiq actions(quiet, delete). When I comment out session_store everything working as expected.
zarnautovi
All 2 comments
I manage to work this out.
I commented out Sidekiq::Web.set :sessions, Rails.application.config.session_options
And put Sidekiq::Web.set :sessions, false
It is very strange that everything was working on Rails 4.2.7 with changing value of cookie. I supose that newer verison of gems and rails don't allow this behaviour.
zarnautovi
on 12 Sep 2018
Thanks a lot, this helped me. But why you closed this? I don't think that disabling something is a solution, so it is not resolved. If cookies are not required for Sidekiq dashboard, then Sidekiq should disable them himself.
sekrett
on 4 Sep 2019
Related issues
HenleyChiu
路
4Comments
agrobbin
路
4Comments
fatcatt316
路
4Comments
edgarjs
路
3Comments
bartimaeus
路
3Comments
Most helpful comment
I manage to work this out.
I commented out
Sidekiq::Web.set :sessions, Rails.application.config.session_optionsAnd put
Sidekiq::Web.set :sessions, falseIt is very strange that everything was working on Rails 4.2.7 with changing value of cookie. I supose that newer verison of gems and rails don't allow this behaviour.