Rails + Sidekiq::Web: Configuration for wildcard session cookies

Dominik Schöler
October 11, 2017 · Software engineer at makandra GmbH

When you're using Sidekiq::Web to monitor the Sidekiq status AND have your session cookie configured to a wildcard domain like .example.com, you need to take an additional step to keep your cookies valid.

Issue

Sidekiq::Web is mounted into your Rails application and uses the Rails session cookie for protection from CSRF attacks. While it manages to figure out the cookie name, it does NOT respect other cookie configuration such as a custom domain.

This leads to duplicate session cookies, e.g. one for "www.example.com" and one for ".example.com". This in turn may break things like logging out. The good news is that only people with access to the Sidekiq::Web monitoring are affected, and those are usually not customers.

Solution

You need to manually specify custom cookie configuration for Sidekiq::Web like this:

```ruby
# config/initializers/sidekiq.rb

require 'sidekiq/web'

# Give Sidekiq::Web the same cookie domain as the Rails session cookie, so the
# browser stores a single session cookie instead of a host-only duplicate.
# Put your own domain setting here, e.g. Rails.configuration.x.cookie_domain
Sidekiq::Web.set :sessions, domain: Rails.configuration.x.cookie_domain
```
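To see why the two cookies coexist rather than replace each other, here is an added example (not code from the card or from Sidekiq) that models a browser cookie jar keyed by name, domain and path as RFC 6265 prescribes. The cookie name, host and domain are constructed sample values, and logging out is simplified to expiring the Rails cookie. The last function shows the same sequence once Sidekiq::Web is configured with the wildcard domain.

```ruby
# Added example (not from the original card): a minimal model of how a browser
# cookie jar keys cookies by (name, domain, path) following RFC 6265, used to
# show why a host-only session cookie from Sidekiq::Web and a wildcard-domain
# session cookie from Rails coexist instead of replacing each other.
# Cookie names, hosts and domains below are constructed sample values.

Cookie = Struct.new(:name, :value, :domain, :path, :host_only) do
  # Identity of a cookie in the jar: same name, domain and path replace each other.
  def key
    [name, domain, path]
  end
end

class CookieJar
  def initialize
    @cookies = {}
  end

  # Store a cookie as a browser would after a Set-Cookie header from
  # +request_host+. Without a Domain attribute the cookie is host-only and its
  # domain is the exact request host; with one, it is a domain cookie whose
  # leading dot is ignored (RFC 6265 section 5.3). An expired cookie removes
  # the stored cookie with the same key.
  def set(request_host, name, value, domain: nil, path: '/', expired: false)
    host_only = domain.nil?
    effective_domain = host_only ? request_host : domain.sub(/\A\./, '')
    cookie = Cookie.new(name, value, effective_domain, path, host_only)
    if expired
      @cookies.delete(cookie.key)
    else
      @cookies[cookie.key] = cookie
    end
    self
  end

  # Cookies that would be sent with a request to +host+ (RFC 6265 section 5.4):
  # host-only cookies need an exact host match, domain cookies match the
  # domain itself and any subdomain of it.
  def for_host(host)
    @cookies.values.select do |c|
      if c.host_only
        host == c.domain
      else
        host == c.domain || host.end_with?(".#{c.domain}")
      end
    end
  end
end

# Scenario from the card: Rails sets the session cookie for ".example.com",
# Sidekiq::Web (ignoring that configuration) sets one for the bare host.
def duplicate_session_cookies(name = '_app_session')
  jar = CookieJar.new
  jar.set('www.example.com', name, 'rails-session', domain: '.example.com')
  jar.set('www.example.com', name, 'sidekiq-session') # host-only cookie
  jar.for_host('www.example.com').map(&:value)
end

# Logging out (modelled as expiring the ".example.com" cookie) leaves the
# host-only cookie from Sidekiq::Web in place, and the browser keeps sending it.
def cookies_left_after_logout(name = '_app_session')
  jar = CookieJar.new
  jar.set('www.example.com', name, 'rails-session', domain: '.example.com')
  jar.set('www.example.com', name, 'sidekiq-session')
  jar.set('www.example.com', name, '', domain: '.example.com', expired: true)
  jar.for_host('www.example.com').map(&:value)
end

# With Sidekiq::Web configured to the same domain, the second Set-Cookie
# replaces the first, and logout removes the only remaining cookie.
def cookies_left_after_logout_when_configured(name = '_app_session')
  jar = CookieJar.new
  jar.set('www.example.com', name, 'rails-session', domain: '.example.com')
  jar.set('www.example.com', name, 'sidekiq-session', domain: '.example.com')
  jar.set('www.example.com', name, '', domain: '.example.com', expired: true)
  jar.for_host('www.example.com').map(&:value)
end

if __FILE__ == $PROGRAM_NAME
  puts "Sent with no configuration:    #{duplicate_session_cookies.inspect}"
  puts "After logout, unconfigured:    #{cookies_left_after_logout.inspect}"
  puts "After logout, configured:      #{cookies_left_after_logout_when_configured.inspect}"
end
```

Running the file prints two cookie values for the unconfigured case, one stale `sidekiq-session` value after logout, and an empty list once the domain is aligned; that stale cookie is the "breaks logging out" symptom the card describes.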
Posted by Dominik Schöler to makandra dev (2017-10-11 11:45)