ring

Ahmed Hassan 2025-09-30T22:14:14.981459Z

Whenever we reload server, user logs out because server restart will invalidate all existing session cookies: https://ring-clojure.github.io/ring/ring.middleware.session.cookie.html How can we create stable key, user stays logged in? Also, I tried passing string key, but it gives deprecation WARNING:

"[ring.middleware.session.cookie] WARNING: The secret key for the"
             "session cookie\nstore should be a byte array. Secret keys as"
             "Strings have been deprecated."
How can we create byte array from string? what are best practices? (NOTE: I'm using Duct framework. https://duct-framework.org)

Apple 2025-10-01T00:46:37.157329Z

Is that what cookie store on disk or redis is for?

wevrem 2025-10-01T01:03:32.401259Z

Someone smarter than me will have a better answer, but my response is you’ll have to use a backing store for your sessions that is more permanent than memory. Otherwise restarting the server will wipe out your sessions.

Ahmed Hassan 2025-10-01T02:25:32.974639Z

Here is how I solved it:

(defn default-session-store
  ":key should be base64, generated by (crypto.random/base64 16)"
  [options]
  (cookie-store (update options :key #(buddy.core.codecs/b64->bytes %))))
Now I can pass :key generated by (crypto.random/base64 16) from environment variable or config file for application. And it won't log out all users on app/IoC restart, because now it would use same key instead of generating on each restart.

Ahmed Hassan 2025-10-01T02:33:12.122119Z

Then I have overridden :session > :store key of the ring-defaults with default-session-store function call. That solved problem completely. Relevant key for Duct framework is: :duct.middleware.web/defaults

weavejester 2025-10-01T04:12:07.435909Z

Glad you solved it! Remember to keep the key secret and out of your version control.

👍 1