Devise Part 2: Using Redis Sessions Instead Of The Cookie Store

In the previous post, we looked at how to set up Devise with Rails 7.

Today, we will take that one step further by swapping out the default cookie store to use Redis instead.

Source code can be found here.

Prerequisites

Getting started

We will be working from the source code found here.

# Clone and change into the project
$ git clone https://github.com/okeeffed/demo-rails-7-with-devise-series
$ cd demo-rails-7-with-devise-series
$ git checkout 1-setting-up-devise

# Create required files
$ touch config/initializers/session_store.rb

# Add required gems
$ bundler add redis-rails
copy

Configuring our store to use Redis

There really isn't too much too this other than setting up an initializer.

Inside of config/initializers/session_store.rb, we will be adding the following:

Rails.application.config.session_store :redis_store,
                                       servers: ['redis://localhost:6379/0/session'],
                                       expire_after: 90.minutes,
                                       key: '_demo_devise_omniauth_react_session'
copy

At this point, we can boot up our server with bin/rails s.

Monitoring our changes to Redis

To see what is happening with the Redis store, you can run redis-cli monitor in another terminal to see what is happening.

Go back to our flow of signing in and out of the app. If you haven't created an account from part one, do so now in order to do it.

$ redis-cli monitor
OK
1646385148.623807 [0 [::1]:49436] "get" "session:2::69618aacfcd4737514bd0d540b73ccc2020b5f98a192c2baa38fda2c7618f8e0"
1646385148.880797 [0 [::1]:49436] "del" "session:2612c5dbfddbd05a599133f36b8aef68"
1646385148.883186 [0 [::1]:49436] "del" "session:2::69618aacfcd4737514bd0d540b73ccc2020b5f98a192c2baa38fda2c7618f8e0"
1646385148.884397 [0 [::1]:49436] "setex" "session:2::ecb8e65b0cdda7092604b3b3b66873202cec32d1ca1af8f589eddfde63022cdb" "5400" "\x04\b{\aI\"\x19warden.user.user.key\x06:\x06ET[\a[\x06i\x06I\"\"$2a$12$OVcvnckKRbDKK5UEPZubl.\x06;\x00TI\"\nflash\x06;\x00T{\aI\"\x0cdiscard\x06;\x00T[\x00I\"\x0cflashes\x06;\x00T{\x06I\"\x0bnotice\x06;\x00FI\"\x1cSigned in successfully.\x06;\x00T"
1646385148.905098 [0 [::1]:49436] "get" "session:2::ecb8e65b0cdda7092604b3b3b66873202cec32d1ca1af8f589eddfde63022cdb"
1646385148.920525 [0 [::1]:49436] "setex" "session:2::ecb8e65b0cdda7092604b3b3b66873202cec32d1ca1af8f589eddfde63022cdb" "5400" "\x04\b{\bI\"\x19warden.user.user.key\x06:\x06ET[\a[\x06i\x06I\"\"$2a$12$OVcvnckKRbDKK5UEPZubl.\x06;\x00TI\"\nflash\x06;\x00T{\aI\"\x0cdiscard\x06;\x00T[\x00I\"\x0cflashes\x06;\x00T{\x06I\"\x0bnotice\x06;\x00FI\"\x1cSigned in successfully.\x06;\x00TI\"\x10_csrf_token\x06;\x00FI\"0vS4dc826i_YDuGX6PGKHyHCLQp7fsUw_KiXsMByvdMs\x06;\x00F"
copy

Above is the example of some local logs that come up when I am logging in and out of the app.

If you reload the page you will still be signed in and you'll notice more requests are made to the redis-cli monitor terminal.

Flushing out sessions

One of the benefits of Redis session storage is that you have full control over the session.

If you run redis-cli flushdb in another terminal and then reload the page, you'll notice that the session has been removed and you'll be redirected to log in once again. This is one of the benefits of that control.

Summary

This part of the devise login tutorial is very short and straight-forward.

In the next post we will be looking to add Tailwind to our project and sprucing up our sign in page.

Resources and further reading

Photo credit: pawel_czerwinski