Search code examples
ruby-on-rails-4stomptorquebox

Torquebox stomplet session empty

I'm trying to implement user authentication for web sockets in Torquebox, and according to everything on the internet, I should be able to access the HTTP session from within a stomplet if I'm running the web app along side the stomp server, which I am.

My configuration looks something like this

web do
  context '/'
  host 'localhost'
end

stomp do
  host 'localhost'
end

stomplet GlobalStomplet do
  route '/live/socket'
end

I've tried also commenting out the web and stomp blocks but nothing changes.

Basically, the sockets are working, I can connect, and subscribe. In my stomplet, the on_subscribe method has a few debug lines

Rails.logger.debug "SESSION = #{subscriber.session}"
Rails.logger.debug "SESSION 2 = #{subscriber.getSession.getAttributeNames}"
Rails.logger.debug "SOCKET SESSION = #{TorqueBox::Session::ServletStore.load_session_data(subscriber.getSession)}"

And any other combination of these sort of things, but in every case I am given an empty session. The only exception, is when I explicitly load the session (as in the last debug line above) my session contains a session ID and something like TORQUEBOX_INITIAL_KEYS, but the session ID is not the HTTP session, and is simply something like session-1 and nothing useful.

I have an initialiser in the rails app setting up the torque box session store

MyApp::Application.config.session_store :torquebox_store, {
  key: '_app_key'
}

I don't receive any exceptions from anything so I assume there are no obvious problems, but I've tried everything I can think of and still don't have a session that I can use.

What am I doing wrong?

I'm using Torquebox 3.1.0, Rails 4, and jRuby 1.7.11

Solution

  • Well, it seems I wasn't doing anything wrong per-se, but there seems to be an underlying bug in Torquebox (filing a bug report now)

    It seems as though torque box web apps are quite happy with me assigning a custom key for the session store, and every works as expected. Unfortunately, it seems as though the stomplets are looking for the normal JSESSIONID only, and ignore the custom defined key.

    To confirm, I remove the custom key, and it worked. I then reintroduced it, and again it stopped working. With the key still in place, I manually set the JSESSIONID cookie value, and reconnected and suddenly my session appeared.