thr3ads.net - Rails - How can I change the value of the session key. [Feb 2007]

If this information is useful, please help other people find it:
Share via:

Stephen Bannasch

2007-Feb-09 22:10 UTC

How can I change the value of the session key.

How can I change the session key "_session_id" returned to the client
from my rails apps. I''m using both 1.2.2 and 1.1.6 frameworks.

I have a strange problem. I have two rails apps that use REST to  
communicate. The problematic interaction occurs when app1 uses a  
redirect to point the client to app2. Both apps appear use the same  
session key identifier: "_session_id". When the re-direct occurs the  
session cookie from app1 is replaced by the session cookie from app  
two because they both use the same key.

Here''s some documentation on changing the primary key using in the  
session database table but I haven''t been able to get it to work:

   http://caboo.se/doc/classes/CGI/Session/ActiveRecordStore.html

The fifth paragraph suggests:

   Note that setting the primary key to the session_id frees you from  
having a separate id column if you dont want it.
   However, you must set session.model.id = session.session_id by  
hand! A before_filter on ApplicationController is a
   good place.I though perhaps rails was by default deriving the  
string for the session key from the primary key for the
   session table and tried changing it here and in the migrations but  
even though I''ve changed it every where I have found:

    CGI::Session::ActiveRecordStore::Session.table_name = "# 
{RAILS_APPLICATION_PREFIX}diy_sessions"
    CGI::Session::ActiveRecordStore::Session.primary_key = "# 
{RAILS_APPLICATION_PREFIX}diy_session_id"

I still get this suspicious error:

Mysql::Error: Unknown column ''session_id'' in ''where
clause'': SELECT *
FROM teemss2_diy_sessions WHERE (session_id =  
''8e4863f1ca1943753def464382ce88bb'')  LIMIT 1

Sure does look like there is some other place the primary key is set.

Here''s the forensics:

My logged-in user''s been working in app1 and their browser''s
been
happily exchanging their session cookie back and forth with app1:

   http://concord.org/app1/page/list

   GET /app1/page/list HTTP/1.1
   Cookie: _session_id=da43fd21e94f6096670716f0a9f71549

   HTTP/1.x 200 OK
   Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/

----------------------------------------------------------

Now they request a resource from app1 which re-directs them to app2  
where the jnlp they want is actually generated:

   http://concord.org/app1/page/sail_jnlp/6/1

   GET /app1/page/sail_jnlp/6/1 HTTP/1.1
   Cookie: _session_id=da43fd21e94f6096670716f0a9f71549

   HTTP/1.x 302 Found
   Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/

----------------------------------------------------------

App1 is the ''portal'' they login to and interact with but app2
generates the jnlp and other resources. The response from app2  
however sets a new session cookie with the same session key.

   http://concord.org/app2/offering/139/jnlp/529? 
sailotrunk.otmlurl=http://concord.org/app1/page/otml/6/1

   GET /sds/5/offering/139/jnlp/529?sailotrunk.otmlurl=http:// 
concord.org/app1/page/otml/6/1 HTTP/1.1
   Cookie: _session_id=da43fd21e94f6096670716f0a9f71549

   HTTP/1.x 200 OK
   Set-Cookie: _session_id=6df71f8e551b3b2de83d4fb0f43d7d56; path=/

When the Java program starts up it requests a REST resource to  
specify the content from app1 with the sailotrunk.otmlurl url parameter:

   http://concord.org/app1/page/otml/6/1

----------------------------------------------------------

So after the webstart program has started and the user gets back to  
the browser window with app1 sitting in it and clicks on the home  
page link the browser sends both session cookies back to the server  
but app1 now responds with an entirely new cookie and my logged-in  
user is now not logged-in.

   http://concord.org/app1/home

   GET /app1/home HTTP/1.1
   Cookie: _session_id=6df71f8e551b3b2de83d4fb0f43d7d56
   _session_id=da43fd21e94f6096670716f0a9f71549

   HTTP/1.x 200 OK
   Set-Cookie: _session_id=99b095b227bdd6c3918841df3a6c5278; path=/


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andy Triboletti

2007-Feb-09 22:32 UTC

head link

customizing map.resources for REST

I want to customize map.resources so it uses a uid in the URL instead  
of the database id.   The uid is a field on my object.

So I have map.resources :things in routes.rb and I can update a thing  
by accessing POST /thing/1.  Instead I want to update the thing by  
POST /thing/80ed14ce098affc2  The thing has an id of 1 and a uid of  
80ed14ce098affc2

Any options other then getting rid of map.resources and explicitly  
defining all the REST routes?

Thanks
Andy

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Lionel Bouton

2007-Feb-09 23:05 UTC

head link

Re: How can I change the value of the session key.

Stephen Bannasch wrote the following on 09.02.2007 23:10
:> How can I change the session key "_session_id" returned to the
client
> from my rails apps. I''m using both 1.2.2 and 1.1.6 frameworks.
>
> I have a strange problem. I have two rails apps that use REST to  
> communicate. The problematic interaction occurs when app1 uses a  
> redirect to point the client to app2. Both apps appear use the same  
> session key identifier: "_session_id". When the re-direct occurs
the
> session cookie from app1 is replaced by the session cookie from app  
> two because they both use the same key.
>
> Here''s some documentation on changing the primary key using in the
> session database table but I haven''t been able to get it to work:
>
>    http://caboo.se/doc/classes/CGI/Session/ActiveRecordStore.html
>   
I don''t think you want to change the column used to store the cookie.
You don''t want your applications cookies to overlap. You can do it
either by using different system names (accessing your applications
through http://app<n>.concord.org instead of
http://concord.org/app<n>)
or by using the path attribute of the cookie header.
> [...]
>
>    GET /app1/page/list HTTP/1.1
>    Cookie: _session_id=da43fd21e94f6096670716f0a9f71549
>
>    HTTP/1.x 200 OK
>    Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/
>   
Here, if Rails used :

Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/app1

and in app2 later :
>    Set-Cookie: _session_id=6df71f8e551b3b2de83d4fb0f43d7d56; path=/
>   
Set-Cookie: _session_id=6df71f8e551b3b2de83d4fb0f43d7d56; path=/app2 instead

You wouln''t have these problems.


I believe that using 

ActionController::Base.session_options[:session_path] =
"/app<n>"

in environment.rb would solve your problem (not tested).

You could eliminate this problem by sharing the session store between your
applications  if need be (this require that you can indeed share the session
data between your applications).

Lionel.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

mati

2007-Feb-10 10:37 UTC

head link

Re: How can I change the value of the session key.

Stephen Bannasch wrote:> How can I change the session key "_session_id" returned to the
client
> from my rails apps. I''m using both 1.2.2 and 1.1.6 frameworks.
Wouldn''t

  class ApplicationController < ActionController::Base
    # Pick a unique cookie name to distinguish our session data from 
others''
    session :session_key => ''_some_unique_session_id''
  end

do what you''re after?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Rails - Feb 2007 - How can I change the value of the session key.

How can I change the value of the session key.

customizing map.resources for REST

Re: How can I change the value of the session key.

Re: How can I change the value of the session key.