ruby: Rails 7 session data does not persist on Heroku

vfwfrxfs posted on 2023-05-28 in Ruby
Follow (0) | Answers (1) | Views (119)

I'm building a full-stack project with a React frontend and a Rails 7 backend, but I can't log in against the backend deployed on Heroku. Everything works in development. In production I can create a user and see them in the database, and I can log in and get redirected successfully, but I don't stay logged in.

def login!
    session[:user_id] = @user.id
end

After this, the user should be redirected to the home page.
When the redirect happens, the home page calls the API to check whether the user is authorized:

def logged_in?
    !!session[:user_id]
end

But the session is empty.
Here is my sessions controller:

class SessionsController < ApplicationController
  def create
    @user = User.find_by(username: session_params[:username])

    if @user && @user.authenticate(session_params[:password])
      login!
      # NOTE: `render json: @user` serialises every column, including
      # password_digest when has_secure_password is used; restrict it with
      # only:/except: or a serializer.
      render json: {
        logged_in: true,
        user: @user
      }
    else
      render json: {
        status: 401,
        errors: ['Incorrect username or password, please try again.']
      }
    end
  end

  def is_logged_in?
    if logged_in? && current_user
      render json: {
        logged_in: true,
        user: current_user
      }
    else
      render json: {
        logged_in: false,
        message: 'no such user'
      }
    end
  end

  def destroy
    logout!
    render json: {
      status: 200,
      logged_out: true
    }
  end

  private

  def session_params
    params.require(:user).permit(:username, :password)
  end
end

Here is my application.rb:

require_relative "boot"

require "rails/all"

# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)

module Wms
  class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
    config.load_defaults 7.0

    # Configuration for the application, engines, and railties goes here.
    #
    # These settings can be overridden in specific environments using the files
    # in config/environments, which are processed later.
    #
    # config.time_zone = "Central Time (US & Canada)"
    # config.eager_load_paths << Rails.root.join("extras")

    # Only loads a smaller set of middleware suitable for API only apps.
    # Middleware like session, flash, cookies can be added back manually.
    # Skip views, helpers and assets when generating a new resource.

    config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins '*'
        resource '*', headers: :any, methods: [:get, :post, :options]
      end
    end

    config.api_only = true

    # Adding back cookies and session middleware
    config.middleware.use ActionDispatch::Cookies
    config.middleware.use ActionDispatch::Session::CookieStore

    # Use SameSite=Strict for all cookies to help protect against CSRF
    config.action_dispatch.cookies_same_site_protection = :strict
  end
end

I've spent weeks trying to figure this out and I desperately need help. Could someone take a look?
My backend is deployed at: https://floating-journey-28678.herokuapp.com

zvms9eto

Answer 1:

This may be related to the topic Heroku covers here -> https://devcenter.heroku.com/articles/cookies-and-herokuapp-com
You could also try this option in production.rb: config.action_dispatch.cookies_same_site_protection = :none
But I think it's better to manage sessions with JWT or some access token rather than putting them in a cookie.
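An added example, not code from the question or the answer: a plain-Ruby model of the two things a React app on another origin needs from the Rails API before its session cookie survives, namely credentialed CORS headers for an explicit origin instead of `*`, and a `SameSite=None; Secure` session cookie instead of `Strict`. The frontend origin `https://frontend.example` is a placeholder; the matching rack-cors and Rails settings are noted in comments.

```ruby
# Added example (not from the question or answer). Models, in plain Ruby, the
# response headers a cross-origin SPA needs so that the Rails session cookie
# is both accepted and sent back by the browser.
# Assumption: the React app is served from https://frontend.example (placeholder).
# The React side must also call fetch(url, { credentials: "include" }).

ALLOWED_ORIGINS = ["https://frontend.example"].freeze

# CORS headers for a credentialed (cookie-carrying) request.
# Browsers refuse "Access-Control-Allow-Origin: *" once credentials are
# involved, so the exact Origin must be echoed and Allow-Credentials set.
# rack-cors equivalent: origins "https://frontend.example";
#                       resource "*", headers: :any, credentials: true
def cors_headers(request_origin)
  return {} unless ALLOWED_ORIGINS.include?(request_origin)
  {
    "Access-Control-Allow-Origin"      => request_origin,
    "Access-Control-Allow-Credentials" => "true",
    "Vary"                             => "Origin"
  }
end

# Set-Cookie line for the session cookie. A cookie used from another site
# must be SameSite=None AND Secure; SameSite=Strict (the question's setting)
# is never attached to cross-site fetches. No Domain attribute is set:
# herokuapp.com is a public suffix, so browsers reject Domain=herokuapp.com.
# Rails equivalent: config.action_dispatch.cookies_same_site_protection = :none
#                   config.session_store :cookie_store, key: "_wms_session", secure: true
def session_set_cookie(name, value, same_site: :none, secure: true)
  raise ArgumentError, "SameSite=None requires Secure" if same_site == :none && !secure
  attrs = ["#{name}=#{value}", "Path=/", "HttpOnly", "SameSite=#{same_site.to_s.capitalize}"]
  attrs << "Secure" if secure
  attrs.join("; ")
end

# Would a browser attach this cookie to a fetch() from the SPA's origin?
# Only SameSite=None together with Secure qualifies; Lax and Strict are not sent.
def cookie_sent_cross_site?(set_cookie)
  attrs = set_cookie.split("; ")
  same_site = attrs.find { |a| a.start_with?("SameSite=") }.to_s.split("=").last
  same_site == "None" && attrs.include?("Secure")
end

if __FILE__ == $PROGRAM_NAME
  puts cors_headers("https://frontend.example").inspect
  puts session_set_cookie("_wms_session", "opaque-session-value")
end
```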
