is there any tutorial/comments/blog about Rails multi-user concurrency and how to prevent other users info from creeping into your session if you both are accessing the same record...a rails newbie asks??? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 7/10/07, Dave Rose <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > is there any tutorial/comments/blog about Rails multi-user concurrency > and how to prevent other users info from creeping into your session > if you both are accessing the same record...a rails newbie asks??? > > --If your asking if another user modifies an active_record that you have stored in a users session. Don''t do that. The general consensus is don''t store them there. Rails sessions make no attempt to keep in sync with the database, it just serializes the object into the session, it doesn''t hit the db again. The way that a lot of people look after this is to store just the id into the session, then have a lazy loading method to get the record. As an example, the restful_authentication plugin tracks the current user with these two methods # Accesses the current user from the session. def current_user @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false end # Store the given user in the session. def current_user=(new_user) session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id @current_user = new_user end There have been many blogs and threads on this list dealing with this issue. A quick google should turn up some answers. HTH Daniel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Daniel ----- wrote:> On 7/10/07, Dave Rose <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: >> >> >> is there any tutorial/comments/blog about Rails multi-user concurrency >> and how to prevent other users info from creeping into your session >> if you both are accessing the same record...a rails newbie asks??? >> >> -- > > > If your asking if another user modifies an active_record that you have > stored in a users session. Don''t do that. > > The general consensus is don''t store them there. Rails sessions make no > attempt to keep in sync with the database, it just serializes the object > into the session, it doesn''t hit the db again. The way that a lot of > people > look after this is to store just the id into the session, then have a > lazy > loading method to get the record. > > As an example, the restful_authentication plugin tracks the current user > with these two methods > > # Accesses the current user from the session. > def current_user > @current_user ||= (session[:user] && > User.find_by_id(session[:user])) > || :false > end > > # Store the given user in the session. > def current_user=(new_user) > session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : > new_user.id > @current_user = new_user > end > > > > There have been many blogs and threads on this list dealing with this > issue. A quick google should turn up some answers. > > HTH > Daniel...just using Rails simple defaults.... and storing things into a database how does rails protect the database records ovriting newly changed things that another user just changed...i''m going to re-write a multi-user business process tracking system and want to know will my data be safe from one user who makes changes to ID=100 at the same time another user 100 miles away also to ID=100..does rails protect each user from the other? i''ll be using Oracle -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Dave Rose wrote:
<blockquote
cite="mid0fae2ca51a595a711cbb5e057099f377-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org"
type="cite">
<pre wrap="">Daniel ----- wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On 7/10/07, Dave Rose <a
class="moz-txt-link-rfc2396E"
href="mailto:rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org"><rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org></a>
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
is there any tutorial/comments/blog about Rails multi-user concurrency
and how to prevent other users info from creeping into your session
if you both are accessing the same record...a rails newbie asks???
--
</pre>
</blockquote>
<pre wrap="">
If your asking if another user modifies an active_record that you have
stored in a users session. Don''t do that.
The general consensus is don''t store them there. Rails sessions make
no
attempt to keep in sync with the database, it just serializes the object
into the session, it doesn''t hit the db again. The way that a lot of
people
look after this is to store just the id into the session, then have a
lazy
loading method to get the record.
As an example, the restful_authentication plugin tracks the current user
with these two methods
# Accesses the current user from the session.
def current_user
@current_user ||= (session[:user] &&
User.find_by_id(session[:user]))
|| :false
end
# Store the given user in the session.
def current_user=(new_user)
session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil :
new_user.id
@current_user = new_user
end
There have been many blogs and threads on this list dealing with this
issue. A quick google should turn up some answers.
HTH
Daniel
</pre>
</blockquote>
<pre wrap=""><!---->
...just using Rails simple defaults.... and storing things into a
database how does rails protect the database records ovriting newly
changed things that another user just changed...i''m going to re-write a
multi-user business process tracking system and want to know will my
data be safe from one user who makes changes to ID=100 at the same time
another user 100 miles away also to ID=100..does rails protect each user
from the other? i''ll be using Oracle
</pre>
</blockquote>
Check out optimistic locking.<br>
<br>
<pre class="moz-signature" cols="72">--
Jack Christensen
<a class="moz-txt-link-abbreviated"
href="mailto:jackc-/SOt/BrQZzMOf2zXYvRtkodd74u8MsAO@public.gmane.org">jackc-/SOt/BrQZzMOf2zXYvRtkodd74u8MsAO@public.gmane.org</a></pre>
<br>
--~--~---------~--~----~------------~-------~--~----~<br>
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group. <br> To post to this group,
send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
<br> To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org <br>
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en <br>
-~----------~----~----~----~------~----~------~--~---<br>
</body>
</html>
<br>