on 8/24/2005 7:34 PM Joe Van Dyk said the following:
>Hi,
>
>When a user deletes their cookies, should they still be able to access
>their session? I''m deleting cookies in my browser, but Rails seems
to
>keep the session stuff around.
>
Are you saying that you still have session records on the file system,
or in your database, after the user deletes their cookies? Or are you
saying that the user is still able to connect to their session after
deleting their cookies?
If the first, the handling of the session by Rails is under your control
as a developer. The you delete the records based on the rules that you
choose. See page 321 of AWDwR for suggested implementations.
The second is a browser issue, not a Rails issue. There are two types of
cookies, session cookies and persistent cookies. Session cookies have no
expiration date, they cease to exist at the moment that the browser is
closed, and they are not effected by deleting of cookies in the browser.
Persistent cookies do have an expiration date, they cease to exist when
the user deletes them or when the browser detects that their expiration
date is past.
In development, it is sometimes useful to delete the session from the
file system or database on the server side. The session cookie that the
browser presents will be rejected, and a new session is created. This is
sometimes useful if you don''t want to close your browser for some
reason.
There is also a Firefox extension, Add N Edit Cookies that seems to
allow you to delete session cookies in the browser. I haven''t tried it.
Ray