Fork me on GitHub
#ring
<
2020-06-30
>
ouvasam06:06:05

I can't set the name and can't set the cookie secure don't understand what i am doing wrong ... I did the same as examples found on the web

ouvasam06:06:15

I fanybody has some tips ?

ouvasam08:06:20

Hi, I have some troubles to have a secure session cookie with ring I tried all the solutions i could find on the web, but it does not work and i still have a cookie named "ring-session" once i set a value in the session. The cookie name is not reflected and the cookie not secure Here is my code

(defroutes app-routes
           (GET "/" req  {:body  (str req)
                          :session {:test 1}}))

(def my-api-defaults
  (-> secure-api-defaults
      (assoc-in [:session :store] (cookie-store))
      (assoc-in [:session :cookie-name] "JSESSIONID")))

(def app
  (-> (handler/site app-routes)
      (wrap-defaults my-api-defaults)))

(defn start-server
  []
  (run-jetty app {:port 9291
                  :ssl? true}))

(defn -main [& args]
  (start-server))
Does someone have any ideay on what i am doing wrong ? (i use tomcat to deploy the war )

jumar10:06:50

Is the "tomcat deployment" part of the problem? Does it work when running from the REPL?

jumar10:06:43

@ I haven't used this with apis only UI. Looking at the api-defaults and site-defaults I'd say that the problem is there's no top-level :session config in api-defaults.

ouvasam10:06:19

Many thanks but if i set as secure-site-defaults, it stay the same. It create cookie for the session, but also create a ring-session once i want to set a value in the session 😞

jumar10:06:50

I don't use special :cookie-name It might be a stupid question but why do you need that?

ouvasam10:06:17

Cookie name is not really the problem, but it show that these params are not taken in account. Secure cookie is the main problem. With secure-site-defaults, it create a correct cookie with the correct name and the coorect secure flag. But once i set avalue, it create a ring-session cookienon secure I think the problem should come from tomcat (servlet) but i can't find how to set and use the sesssion there

jumar10:06:46

Does it work in the REPL?

ouvasam10:06:51

i can't test a secure connection wihtout tomcat

ouvasam10:06:31

The code is from all the place that use seomthing similar so i think it should work, but they don't use tomcat

ouvasam10:06:18

many thanks to had a look @! 🙏