Whenever we reload the server, the user is logged out, because a server restart will invalidate all existing session cookies: https://ring-clojure.github.io/ring/ring.middleware.session.cookie.html How can we create a stable key so the user stays logged in? Also, I tried passing a string key, but it gives a deprecation WARNING:
"[ring.middleware.session.cookie] WARNING: The secret key for the"
"session cookie\nstore should be a byte array. Secret keys as"
"Strings have been deprecated."
How can we create a byte array from a string? What are the best practices?
(NOTE: I'm using the Duct framework. https://duct-framework.org)
Is that what a cookie store on disk or Redis is for?
Someone smarter than me will have a better answer, but my response is you’ll have to use a backing store for your sessions that is more permanent than memory. Otherwise restarting the server will wipe out your sessions.
Here is how I solved it:
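(require '[ring.middleware.session.cookie :refer [cookie-store]]
         'buddy.core.codecs)

(defn default-session-store
  ":key should be base64, generated by (crypto.random/base64 16)"
  [options]
  ;; Decode the base64 string into the byte array cookie-store expects.
  (cookie-store (update options :key #(buddy.core.codecs/b64->bytes %))))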
Now I can pass a :key generated by (crypto.random/base64 16) from an environment variable or config file for the application. And it won't log out all users on app/IoC restart, because now it would use the same key instead of generating one on each restart. Then I overrode the :session > :store key of the ring-defaults with a default-session-store function call. That solved the problem completely.
The relevant key for the Duct framework is: :duct.middleware.web/defaults
Glad you solved it! Remember to keep the key secret and out of your version control.
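The approach from the thread, written as an added example (not code from the thread or from Ring or Duct) that fails at startup when the key is missing or malformed. The namespace `example.session`, the environment variable `SESSION_KEY`, and the function names are hypothetical; the JDK's `java.util.Base64` is used for decoding in place of buddy.

```clojure
(ns example.session
  (:require [ring.middleware.defaults :refer [site-defaults wrap-defaults]]
            [ring.middleware.session.cookie :refer [cookie-store]])
  (:import (java.util Base64)))

;; Generate the key once, e.g. at a REPL with (crypto.random/base64 16),
;; and store the resulting string outside version control.

(defn decode-session-key
  "Decode a base64 string into the 16-byte array that cookie-store requires.
  Throws instead of falling back to a random key, because a random fallback
  would silently bring back the logout-on-restart behaviour."
  [b64]
  (when (or (nil? b64) (empty? b64))
    (throw (ex-info "Session key is not configured" {})))
  (let [key-bytes (try
                    (.decode (Base64/getDecoder) ^String b64)
                    (catch IllegalArgumentException _
                      (throw (ex-info "Session key is not valid base64" {}))))
        n (count key-bytes)]
    (when (not= 16 n)
      ;; Report only the length; never put the key itself in an exception.
      (throw (ex-info "Session key must decode to exactly 16 bytes" {:length n})))
    key-bytes))

(defn session-store
  "Cookie store keyed from the SESSION_KEY environment variable
  (hypothetical name, not from the thread)."
  ([] (session-store (System/getenv "SESSION_KEY")))
  ([b64] (cookie-store {:key (decode-session-key b64)})))

(defn wrap-app
  "Apply ring-defaults with the stable store at [:session :store]."
  [handler]
  (wrap-defaults handler
                 (assoc-in site-defaults [:session :store] (session-store))))
```

Every instance behind a load balancer needs the same key, and replacing the key invalidates all existing session cookies.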