Hi everyone, I''m new to Rails and web development. I just bought up the Agile book and I''ve got a question about the :session_expires option. In the book, page 317, it says the :session_expires "option should probably not be used." Does anyone know why? The book doesn''t explain or give any indication as to why. In an application I''m working on I have a need to keep some information for a very long time between browser sessions. Is it safe to do this with the session object? Should I roll my own session like object using the cookies object and use the session object only for things that need to be remembered for a single browser session and not between browser sessions? Thanks. -- Posted via http://www.ruby-forum.com/.
typically a cookie that has no ''expires'' setting is cached in RAM and is thus dropped as soon as the browser is shut down. However, the cookie is stored on disk if an expiration date is specified. I haven''t tested this behavior with Rails, but I suspect it holds. i would just set a cookie expiration date if you want to remember little things between sessions. Large items, sensitive items, or important data should be stored in a database; storing a lot of stuff in the session would make scaling more difficult. i don''t see any real benefit from rolling your own session object when there are three persistent storage options already available to you: cookie, session, and activerecord. ed wrote:> Hi everyone, I''m new to Rails and web development. I just bought up the > Agile book and I''ve got a question about the :session_expires option. > In the book, page 317, it says the :session_expires "option should > probably not be used." Does anyone know why? The book doesn''t explain > or give any indication as to why. > > In an application I''m working on I have a need to keep some information > for a very long time between browser sessions. Is it safe to do this > with the session object? Should I roll my own session like object using > the cookies object ...no, use cookies with an expiration date in the far future.> ...and use the session object only for things that need > to be remembered for a single browser session and not between browser > sessions?yes> Thanks.
Lou Vanek wrote:> i don''t see any real benefit from rolling your own session object > when there are three persistent storage options already available > to you: cookie, session, and activerecord.I didn''t mean making a new type of persistent storage. I only meant using a cookie to store a hash id on the users computer and then using the hash id to look up values in the database which would, of course, be accessed using ActiveRecord. I would just like to wrap this functionality in an object with a easy interface like the session object. My first thought was to use the session object because it already has all the functionality built in, including the ability to set an expiration date in the far future, but it seems that the session expiration should be left alone. I think this would be a common problem. Has anyone already created a similar object? -- Posted via http://www.ruby-forum.com/.