Hello,

I am trying to implement a "remember me" box for logins, however I can't seem to get it to work. I have tried the following 2 methods but neither seems to work. When I check the expiry time in Firefox it always says "end of session".

What is the proper way to handle this so the session cookie "_session_id" doesn't expire for a year?

I tried

  session[:session_expires] = 1.year.from_now

and

  cookies[:_session_id] = { :value => session.session_id, :expires => Time.now+31536000, :domain => ".domain.com" }

I get the following in the log, but viewing the cookie in Firefox doesn't reflect this...

  Cookie set: _session_id=8813731b821e4b2e9210428d42a72dff; domain=.familysimple.com; path=/; expires=Sat, 28 Apr 2007 19:05:44 GMT

Any help would be appreciated.

Thanks
Adam

Adam Denenberg wrote:
> I am trying to implement a "remember me" box for logins, however I can't
> seem to get it to work. I have tried the following 2 methods but
> neither seems to work. When I check the expiry time in Firefox it always
> says "end of session".
>
> What is the proper way to handle this so the session cookie
> "_session_id" doesn't expire for a year?

The session cookie, by definition, expires when you close your browser. The "remember me" is about a persistent cookie, not the session cookie.

> cookies[:_session_id] = { :value => session.session_id, :expires =>
> Time.now+31536000, :domain => ".domain.com" }

You are almost right. Try something like this:

  cookies[:user_id] = { :value => user.id, :expires => Time.now+31536000, :domain => ".domain.com" }

Then you need to implement logic in your controllers to read the cookie and automatically log the user in.

> I get the following in the log, but viewing the cookie in Firefox doesn't
> reflect this...
>
> Cookie set: _session_id=8813731b821e4b2e9210428d42a72dff;
> domain=.familysimple.com; path=/; expires=Sat, 28 Apr 2007 19:05:44 GMT

If you watch what is happening with a tool like LiveHTTPHeaders, what you see is that you are setting the session cookie, but then every controller action is updating the session cookie without a date.

Hope that helps.

--

Ray

Ray, thanks for the help. If I understand you correctly, you cannot modify the cookies[:_session_id] cookie but instead I should

1) set some other cookie with the user information in it, like user_id
2) drop in a before_filter in the application.rb controller to check to see if it exists,
3) load the session from the user_id found in this cookie

Thanks for clearing that up, although I am still a little foggy as to why I can't extend the life of the _session_id cookie that gets set by Rails to correspond to the session data that got created.

Thanks
Adam

On 4/28/06, Ray Baxter <ray@warmroom.com> wrote:
>
> Adam Denenberg wrote:
>
> > I am trying to implement a "remember me" box for logins, however I can't
> > seem to get it to work. I have tried the following 2 methods but
> > neither seems to work. When I check the expiry time in Firefox it always
> > says "end of session".
> >
> > What is the proper way to handle this so the session cookie
> > "_session_id" doesn't expire for a year?
>
> The session cookie, by definition, expires when you close your browser.
> The "remember me" is about a persistent cookie, not the session cookie.
>
> > cookies[:_session_id] = { :value => session.session_id, :expires =>
> > Time.now+31536000, :domain => ".domain.com" }
>
> You are almost right. Try something like this:
>
> cookies[:user_id] = { :value => user.id, :expires => Time.now+31536000,
> :domain => ".domain.com" }
>
> Then you need to implement logic in your controllers to read the cookie
> and automatically log the user in.
>
> > I get the following in the log, but viewing the cookie in Firefox doesn't
> > reflect this...
> >
> > Cookie set: _session_id=8813731b821e4b2e9210428d42a72dff;
> > domain=.familysimple.com; path=/; expires=Sat, 28 Apr 2007 19:05:44 GMT
>
> If you watch what is happening with a tool like LiveHTTPHeaders, what
> you see is that you are setting the session cookie, but then every
> controller action is updating the session cookie without a date.
>
> Hope that helps.
>
> --
>
> Ray
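
The three steps listed in the message above, sketched as an added example that is not code from either poster. It assumes the persistent cookie carries a random token (hypothetical name remember_token) whose SHA-256 is kept server-side, rather than the raw user id, because the browser can send any cookie value it likes; RememberStore and restore_login are hypothetical names, and plain hashes stand in for Rails' session and cookies.

```ruby
require "securerandom"
require "digest/sha2"

# In-memory stand-in for a database table (hypothetical; added illustration).
class RememberStore
  LIFETIME = 365 * 24 * 60 * 60 # one year, the 31536000 seconds used in the thread

  def initialize
    @rows = {} # SHA-256(token) => { user_id:, expires_at: }
  end

  # Step 1: called at login when the "remember me" box is ticked.
  # Returns a hash in the same shape the thread passes to cookies[...]=.
  def issue(user_id, now = Time.now)
    token = SecureRandom.hex(32) # 256 random bits; only its hash is stored
    @rows[Digest::SHA256.hexdigest(token)] = { user_id: user_id, expires_at: now + LIFETIME }
    { :value => token, :expires => now + LIFETIME }
  end

  # Step 3: map a cookie value back to a user, or nil if unknown or expired.
  def user_for(cookie_value, now = Time.now)
    return nil if cookie_value.nil? || cookie_value.empty?
    row = @rows[Digest::SHA256.hexdigest(cookie_value)]
    return nil if row.nil? || row[:expires_at] <= now
    row[:user_id]
  end

  # Called at logout so a copied cookie stops working.
  def revoke(cookie_value)
    @rows.delete(Digest::SHA256.hexdigest(cookie_value.to_s))
  end
end

# Step 2: the body of the before_filter. A live session wins; otherwise the
# persistent cookie is looked up and, if valid, the session is populated.
def restore_login(session, cookies, store, now = Time.now)
  return session[:user_id] if session[:user_id]
  user_id = store.user_for(cookies[:remember_token], now)
  session[:user_id] = user_id if user_id
  user_id
end
```

A cookie holding a guessed value such as "42" matches no stored hash, so restore_login returns nil and the request stays logged out.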

Adam Denenberg wrote:
> Ray, thanks for the help. If I understand you correctly, you cannot
> modify
> the cookies[:_session_id] cookie but instead I should
>
> 1) set some other cookie with the user information in it, like user_id

Yes.

> 2) drop in a before_filter in the application.rb controller to check to
> see if it exists,

Yes, that will work.

> 3) load the session from the user_id found in this cookie

You could do that. It means you'll have to store the session_id in the user table, or if you are storing your sessions in the db you could have a sessions_users table, or something similar.

It depends on your application and what aspects of the session state you are interested in persisting. If there is only a small amount of data you want to store, it's probably easier to store it in a dedicated model that you could access by user or in a cookie.

> Thanks for clearing that up, although I am still a little foggy as to
> why I can't extend the life of the _session_id cookie that gets set by Rails to
> correspond to the session data that got created.

Short answer, ActionController sets the session cookie on every response. You only set it once.

For illustration, I copied the cookie[_session_id] code from your previous post into one of my controllers and then I hit the action in my browser while following the action in LiveHTTPHeaders. Here are the response headers that were returned to a request.

  HTTP/1.x 200 OK
  Transfer-Encoding: chunked
  Content-Type: text/html
  Set-Cookie: _session_id=a7563ea152685329ffebfd55149872d8; path=/; expires=Sat, 28 Apr 2007 23:29:08 GMT
  Set-Cookie: _session_id=a7563ea152685329ffebfd55149872d8; path=/
  Cache-Control: no-cache
  Date: Fri, 28 Apr 2006 23:29:08 GMT
  Server: lighttpd/1.4.11

You can see that the session cookie is set twice in immediate succession. The first time your code sets it to expire in a year, the second time, ActionController sets a cookie with the same name that has no expiration.
The web browser overwrites your cookie with a second cookie and since it has no expiration date, the browser assumes that the cookie expires when the browser is closed. ActionController sends this cookie in every response, overwriting whatever you do.

Hope that helps.

--

Ray
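
The overwrite described in the message above, replayed as an added example that is not code from the thread: the response headers are copied from that message and processed in order the way a browser's cookie store does, with a later Set-Cookie for the same name, domain and path replacing the earlier one. The function names are hypothetical, and a missing domain attribute is simply treated as nil.

```ruby
require "time"

# Response headers copied from the message above.
RESPONSE_HEADERS = <<~HEADERS
  HTTP/1.x 200 OK
  Transfer-Encoding: chunked
  Content-Type: text/html
  Set-Cookie: _session_id=a7563ea152685329ffebfd55149872d8; path=/; expires=Sat, 28 Apr 2007 23:29:08 GMT
  Set-Cookie: _session_id=a7563ea152685329ffebfd55149872d8; path=/
  Cache-Control: no-cache
  Date: Fri, 28 Apr 2006 23:29:08 GMT
  Server: lighttpd/1.4.11
HEADERS

# Split one Set-Cookie value into its name=value pair and its attributes.
def parse_set_cookie(value)
  pair, *attrs = value.split(";").map(&:strip).reject(&:empty?)
  name, val = pair.split("=", 2)
  attr = attrs.to_h { |a| k, v = a.split("=", 2); [k.downcase, v] }
  expires = attr["expires"] && Time.httpdate(attr["expires"])
  { name: name, value: val, domain: attr["domain"], path: attr["path"] || "/", expires: expires }
end

# Apply every Set-Cookie header in order. Returns the final jar plus the names
# whose dated cookie was replaced by a later one with no expiry (a session cookie).
def final_cookies(header_text)
  jar = {}
  clobbered = []
  header_text.each_line do |line|
    field, value = line.strip.split(":", 2)
    next unless field && value && field.casecmp?("set-cookie")
    c = parse_set_cookie(value)
    key = [c[:name], c[:domain], c[:path]]
    clobbered << c[:name] if jar[key] && jar[key][:expires] && c[:expires].nil?
    jar[key] = c
  end
  [jar, clobbered]
end
```

Run over a captured response, a non-empty second return value points at exactly the situation in this thread: application code set an expiry and the framework's own Set-Cookie then discarded it.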