ring-defaults icon indicating copy to clipboard operation
ring-defaults copied to clipboard
verified publisher icon ring-clojure

Session with tomcat

Open ouvanous opened this issue 5 years ago • 1 comments

Hi, I have some troubles to have a secure and named session cookie. With this code:

  (-> (handler/site app-routes)
      (wrap-default-charset "utf-8")
      (wrap-defaults (-> secure-site-defaults
                         (assoc :cookies true)
                         (assoc-in [:session :store] (cookie-store {:key (random/bytes 16)}))
                         (assoc-in [:session :cookie-name] "JSESSIONID")
                         (assoc-in [:session :cookie-attrs] {:secure true
                                                             :http-only true})))
      (wrap-multipart-params)
      (wrap-json-params)
      (wrap-json-response)
      (wrap-gzip)))``` 

A JSESSIONID cookie is correctly  created and secured. 
But in my handlers, if  i set :session with som value in the response, a new cookie named ring-session is created and not secured. 
I must do something wrong but can't find a solution. 
Many thanks 
Samuel

ouvanous avatar Jun 30 '20 11:06 ouvanous

It sounds as if you have a wrap-session elsewhere in your code that's overriding the one in wrap-defaults. You already have a redundant wrap-multipart-params in the code segment you give, since wrap-defaults includes that already. I'd suggest taking a look through your code for instances of wrap-session, or override the var and add some debugging to see when if it's being called twice per request.

weavejester avatar Jun 30 '20 16:06 weavejester