When you're using Sidekiq::Web to monitor the Sidekiq status AND have your session cookie configured to a wildcard domain like .example.com, you need to take an additional step to keep your cookies valid.
Issue
Sidekiq::Web is mounted into your Rails application and will use the Rails session cookie for protection from CSRF attacks. While it somehow figures out the cookie name, it does NOT respect cookie configuration like a custom domain.
This leads to duplicate session cookies, e.g. one for "www.example.com" and one for ".example.com". This in turn may break things like logging out. The good news is that only people with access to the Sidekiq::Web monitoring are affected, who are usually not customers.
Solution
You need to manually specify custom cookie configuration for Sidekiq::Web like this:
# config/initializers/sidekiq.rb
require 'sidekiq/web'
# Use the same domain as your Rails session cookie, e.g. Rails.configuration.x.cookie_domain
Sidekiq::Web.set :sessions, domain: Rails.configuration.x.cookie_domain
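
To confirm whether an environment is affected, you can compare the scope of each `Set-Cookie` header the application and the Sidekiq::Web mount return. The following check is an added example, not part of the original card or of Sidekiq; the cookie name `_myapp_session` and the sample headers are constructed for illustration.

```ruby
# Detect a cookie name that is issued with conflicting scopes
# (host-only vs. wildcard domain), which is the duplicate-cookie
# symptom described above. SAMPLE_HEADERS is constructed sample data.
SAMPLE_HEADERS = [
  # Rails app response: wildcard domain configured
  ['www.example.com', '_myapp_session=abc123; domain=.example.com; path=/; HttpOnly; SameSite=Lax'],
  # Sidekiq::Web response without a domain option: host-only cookie
  ['www.example.com', '_myapp_session=def456; path=/; HttpOnly'],
  ['www.example.com', 'locale=en; path=/']
].freeze

# Parse one Set-Cookie value into its name and effective scope.
# A cookie without a Domain attribute is bound to the request host only.
def cookie_scope(request_host, header)
  pairs = header.split(';').map(&:strip)
  name = pairs.first.split('=', 2).first
  domain_attr = pairs.drop(1).map { |p| p.split('=', 2) }
                     .find { |key, _| key.casecmp?('domain') }
  # Browsers ignore a leading dot in the Domain attribute.
  domain = domain_attr && domain_attr[1].to_s.sub(/\A\./, '').downcase
  if domain.nil? || domain.empty?
    { name: name, scope: "host-only:#{request_host.downcase}" }
  else
    { name: name, scope: "domain:#{domain}" }
  end
end

# Return { cookie_name => [scopes] } for names set with more than one scope.
def conflicting_cookies(headers)
  headers.map { |host, header| cookie_scope(host, header) }
         .group_by { |cookie| cookie[:name] }
         .transform_values { |cookies| cookies.map { |c| c[:scope] }.uniq.sort }
         .select { |_, scopes| scopes.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  conflicting_cookies(SAMPLE_HEADERS).each do |name, scopes|
    puts "#{name} is set with conflicting scopes: #{scopes.join(', ')}"
  end
end
```

After applying the initializer above, both responses should report the same `domain:` scope and the check should return an empty hash.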