In a Sinatra App on Heroku, Session Is Not Shared Across Dynos

Which makes sense. But what are some preferred workarounds for this issue?


In my comment, I suggested using rack cookie based sessions, but looking into it, the Sinatra sessions are Rack cookie sessions anyway.

Looking further, I found this in the Sinatra docs:

To improve security, the session data in the cookie is signed with a session secret. A random secret is generated for you by Sinatra. However, since this secret will change with every start of your application, you might want to set the secret yourself, so all your application instances share it:

set :session_secret, 'super secret'

So it seems each Heroku dyno is generating a different key, and so can't read each other's session cookies, and you need to specify a key so each dyno uses the same one.

Rather than add a secret key to your source code, you're probably better setting an environment variable:

$ heroku config:add SESSION_KEY=a_longish_secret_key

Then in your Sinatra app:

enable :sessions
set :session_secret, ENV['SESSION_KEY']
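
An added example, not part of the original answers and not Sinatra's or Rack's own code: a simplified, stdlib-only model of a signed cookie session, showing why a cookie issued by one dyno fails verification on a dyno with a different secret and verifies once both share one. The function names, the cookie layout and the 64-character minimum are assumptions made for this illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

# Simplified model of a signed cookie session: payload + "--" + HMAC.
# Illustrative only; this is not Rack's exact wire format.
def sign_session(data, secret)
  payload = Base64.strict_encode64(JSON.generate(data))
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Returns the session hash, or nil when the signature does not verify,
# which is what a dyno holding a different secret sees.
def load_session(cookie, secret)
  payload, mac = cookie.to_s.split('--', 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  return nil unless OpenSSL.secure_compare(mac, expected) # constant-time compare
  JSON.parse(Base64.strict_decode64(payload))
end

# Fail at boot instead of letting each process fall back to its own
# random secret. The 64-character minimum is an assumption of this example.
def session_secret_from(env, key = 'SESSION_KEY')
  secret = env[key].to_s
  raise ArgumentError, "#{key} must be set (>= 64 characters)" if secret.length < 64
  secret
end

# Constructed demo values: two dynos that each generated their own secret.
dyno_a = SecureRandom.hex(64)
dyno_b = SecureRandom.hex(64)
cookie = sign_session({ 'user_id' => 42 }, dyno_a)
puts "dyno A reads its own cookie: #{load_session(cookie, dyno_a).inspect}"
puts "dyno B, different secret:    #{load_session(cookie, dyno_b).inspect}"

# Both dynos configured from the same environment variable.
shared = session_secret_from({ 'SESSION_KEY' => SecureRandom.hex(64) })
cookie = sign_session({ 'user_id' => 42 }, shared)
puts "dyno B, shared secret:       #{load_session(cookie, shared).inspect}"
```

In the app itself, the same fail-fast check can wrap the lookup, for example `set :session_secret, session_secret_from(ENV)`, so a dyno missing the variable refuses to boot instead of silently signing with its own key.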


You can also use a memcached session for performance or security. Have not tried it but looked easy. 5MB free on Heroku.


# In your app.rb file just add following - 
enable :sessions
set :session_secret, "some_random_value" 