Redis Session Storage Migration

Overview

Migrated from cookie-based session storage to Redis-backed sessions to prevent cookie overflow errors and improve scalability.

Changes Made

1. Session Store Configuration

  • File: config/initializers/200_session_store.rb
  • Change: Migrated from :cookie_store to :redis_store
  • Benefits:
    • Eliminates cookie size limits (4KB browser limit)
    • Improves performance for large session data
    • Better scalability across multiple servers

2. Redis Configuration

  • File: config/redis.yml (new)
  • Database Separation:
    • db: 0 - Sidekiq (existing)
    • db: 1 - Action Cable (existing)
    • db: 2 - Sessions (new)
    • db: 3 - Test sessions

3. Gem Dependencies

  • Added: redis-rails gem for Rails session store integration
  • Existing: redis and redis-namespace already present

4. Form Data Handling

  • File: app/controllers/application_controller.rb
  • Change: Removed cookie size truncation logic
  • Benefit: Can now store full form data in sessions without size limits

Deployment Steps

1. Install Dependencies

bundle install

2. Update Redis Configuration

Ensure your Redis server is running and accessible. The configuration uses:

  • Development: redis://127.0.0.1:6379/2
  • Production: redis://127.0.0.1:6379/2

3. Deploy Configuration

Add config/redis.yml to your deployment linked files in config/deploy.rb:

append :linked_files, 'config/redis.yml'

4. Restart Application

Restart your Rails application to load the new session store configuration.

Benefits

Security

  • ✅ Sessions stored server-side (more secure than cookies)
  • ✅ No sensitive data in browser cookies
  • ✅ Automatic session expiration (7 days)

Performance

  • ✅ Faster session access (Redis in-memory)
  • ✅ No cookie size limitations
  • ✅ Better handling of large form data

Scalability

  • ✅ Shared session storage across multiple app servers
  • ✅ Redis clustering support for high availability
  • ✅ Better memory management

Monitoring

Redis Memory Usage

Monitor Redis memory usage for sessions:

redis-cli info memory

Session Keys

View active sessions:

redis-cli keys "session:*"

Session Expiration

Sessions automatically expire after 7 days. Monitor with:

redis-cli ttl "session:your_session_id"

Rollback Plan

If issues arise, rollback by reverting config/initializers/200_session_store.rb:

Rails.application.config.session_store :cookie_store, key: '_hwsession',
              expire_after: 7.days,
              secure: true,
              httponly: true,
              same_site: :lax

Testing

1. Session Persistence

  • Submit forms with large data
  • Verify sessions persist across requests
  • Test session expiration

2. Form Recovery

  • Test Turnstile failure recovery
  • Verify large form data is preserved
  • Test form restoration functionality

3. Performance

  • Monitor Redis performance
  • Check memory usage
  • Verify no cookie overflow errors