https://github.com/kemalcr/kemal-session

Analyse what is happening with your session cookie. In my case, the session cookie was reset everytime I went to login.

I realized, that my idea of cleaning up the old session as a first statement after successful login, before setting up the new session is not a good idea. I suspect, that the browser cookie is removed once you call env.session.destroy.

bad

      post „/login“ do |env|
           env.session.destroy #clean up any old session
           user = UserSession.new(parameters)

          env.session.object(“user”,user)

          env.redirect “/”
    end

The new session will never be set, as the cookie is marked for deletion

good

    get „/login“ do |env|
         env.session.destroy
         #show login mask
       end

       post „/login“ do |env|
          user = UserSession.new(parameters)
         env.session.object(„user“,user)
         env.redirect „/“
       end

The old session will get destroyed if the user calls /login, to ensure a blank slate for the /post state.