Does Ruby on Rails nullify session in Graphql Controller from outside domains?


I have a Rails + graphql service running on a different domain, but it seems the session variable in graphql_controller.rb is nil. When I run my service locally, the session and context work as expected. Here’s an example:

# in graphql controller

def execute
  context = {
    session: session,
    test_variable: "has access"
  }
  result = Schema.execute(query, variables: variables, context: context, ...)
end

# in mutation

def resolve
  ...
  context[:session][:token] = user.token
end

I can easily set the session[:token] when both frontend and backend are run locally, but when I point my local to the backend on a different domain, I get a no method [] for nil type error when running context[:session][:token] = user.token.

I think the only difference is that the hosted domain is different. Also, the context[:test_variable] is accessible in both cases.

graphql/rails suggests:

  # If accessing from outside this domain, nullify the session
  # This allows for outside API access while preventing CSRF attacks,
  # but you'll have to authenticate your user separately
  # protect_from_forgery with: :null_session

But I would just like to know why this issue is happening.
