Rails - Aug 2007 - Objects in Session State Revisited

Hi Folks,

I''m still a bit confused about the issue of storing "complex"
objects
in session state rather than storing simple objects.

It''s my understanding that everything is an object in Ruby.  If my
understanding is correct, then storing a string or an integer in
session means storing an object.

It would seem then that the problem of storing objects in session is a
matter of how "complex" those objects are, and that problems may arise
due if much work is required by the runtime to unmarshal larger
amounts of structured data.

With this is mind, how "bad" would it be to store the following in
session:
Struct.new("User", :name, :role).new("jdoe",
"admin")

I would prefer to keep the data pertaining to "user" (in this case)
encapsulated in a single struct and to store that struct in session.
Is this categorically a bad thing to do?

Thanks,
Scott


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 8/14/07, sbellware <sbellware-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
> Hi Folks,
>
> I''m still a bit confused about the issue of storing
"complex" objects
> in session state rather than storing simple objects.
>
> It''s my understanding that everything is an object in Ruby.  If my
> understanding is correct, then storing a string or an integer in
> session means storing an object.
>
> It would seem then that the problem of storing objects in session is a
> matter of how "complex" those objects are, and that problems may
arise
> due if much work is required by the runtime to unmarshal larger
> amounts of structured data.
>
> With this is mind, how "bad" would it be to store the following
in
> session:
> Struct.new("User", :name, :role).new("jdoe",
"admin")
>
> I would prefer to keep the data pertaining to "user" (in this
case)
> encapsulated in a single struct and to store that struct in session.
> Is this categorically a bad thing to do?
>
> Thanks,
> Scott
>
>
> >
>
I think you''d be better off with

session[:user_name] = "jdoe"
session[:user_role] = "admin"

and if your users are in the db, you''d be far better off just sticking
the id in the session.

Whatever you do, you''ll want to create some kind of current_user and
current_user= methods to encapsulate the access.  That way you can
change it around all you want.

Pat

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks for the reply, Pat.

I''m still not sure *why* I''m better off though.

-s


On Aug 14, 10:48 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On
8/14/07,sbellware<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
>
>
>
>
> > Hi Folks,
>
> > I''m still a bit confused about the issue of storing
"complex" objects
> > in session state rather than storing simple objects.
>
> > It''s my understanding that everything is an object in Ruby. 
If my
> > understanding is correct, then storing a string or an integer in
> > session means storing an object.
>
> > It would seem then that the problem of storing objects in session is a
> > matter of how "complex" those objects are, and that problems
may arise
> > due if much work is required by the runtime to unmarshal larger
> > amounts of structured data.
>
> > With this is mind, how "bad" would it be to store the
following in
> > session:
> > Struct.new("User", :name, :role).new("jdoe",
"admin")
>
> > I would prefer to keep the data pertaining to "user" (in
this case)
> > encapsulated in a single struct and to store that struct in session.
> > Is this categorically a bad thing to do?
>
> > Thanks,
> > Scott
>
> I think you''d be better off with
>
> session[:user_name] = "jdoe"
> session[:user_role] = "admin"
>
> and if your users are in the db, you''d be far better off just
sticking
> the id in the session.
>
> Whatever you do, you''ll want to create some kind of current_user
and
> current_user= methods to encapsulate the access.  That way you can
> change it around all you want.
>
> Pat

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

They''re simpler and smaller.  I''m not quite sure how else to
explain it.

Pat

On 8/16/07, sbellware <sbellware-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
> Thanks for the reply, Pat.
>
> I''m still not sure *why* I''m better off though.
>
> -s
>
>
> On Aug 14, 10:48 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > On
8/14/07,sbellware<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> >
> >
> >
> >
> >
> > > Hi Folks,
> >
> > > I''m still a bit confused about the issue of storing
"complex" objects
> > > in session state rather than storing simple objects.
> >
> > > It''s my understanding that everything is an object in
Ruby.  If my
> > > understanding is correct, then storing a string or an integer in
> > > session means storing an object.
> >
> > > It would seem then that the problem of storing objects in session
is a
> > > matter of how "complex" those objects are, and that
problems may arise
> > > due if much work is required by the runtime to unmarshal larger
> > > amounts of structured data.
> >
> > > With this is mind, how "bad" would it be to store the
following in
> > > session:
> > > Struct.new("User", :name, :role).new("jdoe",
"admin")
> >
> > > I would prefer to keep the data pertaining to "user"
(in this case)
> > > encapsulated in a single struct and to store that struct in
session.
> > > Is this categorically a bad thing to do?
> >
> > > Thanks,
> > > Scott
> >
> > I think you''d be better off with
> >
> > session[:user_name] = "jdoe"
> > session[:user_role] = "admin"
> >
> > and if your users are in the db, you''d be far better off just
sticking
> > the id in the session.
> >
> > Whatever you do, you''ll want to create some kind of
current_user and
> > current_user= methods to encapsulate the access.  That way you can
> > change it around all you want.
> >
> > Pat
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Smaller I grok.  The simpler part depends on what''s involved in
cleaning session state for the number of state items supporting a
completed task flow that requires multiple requests.

If a given task flow''s session state is stored as a single item,
it''s
much easier to avoid what amounts to orphaned global memory variables.

Clearing an instance of a LoanApplication object (not a model object)
from session state is easier to code, easier to test, and easier to
assure than clearing 10, 20, 50, or what ever number of individual
session state slots.

My notion here is that one session state slot per interaction is a
cleaner pattern - regardless of the platofrm.. be it Rails, ASP, JSP,
etc.

If there are serious technical limitations to storing a state value
object in session state in Rails, I''d love to hear them.  If
we''re
talking about a culturally-embedded reticence to this pattern, it
might be valuable to crack that nut open in community dialog...

Thanks,
Scott


On Aug 16, 1:25 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> They''re simpler and smaller.  I''m not quite sure how else
to explain it.
>
> Pat
>
> On 8/16/07, sbellware
<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
> > Thanks for the reply, Pat.
>
> > I''m still not sure *why* I''m better off though.
>
> > -s
>
> > On Aug 14, 10:48 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > On
8/14/07,sbellware<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
> > > > Hi Folks,
>
> > > > I''m still a bit confused about the issue of storing
"complex" objects
> > > > in session state rather than storing simple objects.
>
> > > > It''s my understanding that everything is an object
in Ruby.  If my
> > > > understanding is correct, then storing a string or an
integer in
> > > > session means storing an object.
>
> > > > It would seem then that the problem of storing objects in
session is a
> > > > matter of how "complex" those objects are, and
that problems may arise
> > > > due if much work is required by the runtime to unmarshal
larger
> > > > amounts of structured data.
>
> > > > With this is mind, how "bad" would it be to store
the following in
> > > > session:
> > > > Struct.new("User", :name,
:role).new("jdoe", "admin")
>
> > > > I would prefer to keep the data pertaining to
"user" (in this case)
> > > > encapsulated in a single struct and to store that struct in
session.
> > > > Is this categorically a bad thing to do?
>
> > > > Thanks,
> > > > Scott
>
> > > I think you''d be better off with
>
> > > session[:user_name] = "jdoe"
> > > session[:user_role] = "admin"
>
> > > and if your users are in the db, you''d be far better off
just sticking
> > > the id in the session.
>
> > > Whatever you do, you''ll want to create some kind of
current_user and
> > > current_user= methods to encapsulate the access.  That way you
can
> > > change it around all you want.
>
> > > Pat

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

What if you are storing a model object in the session that could 
potentially be modified from more than one process? Say you have your 
User object in the session and an Admin disables that User. If you are 
just referencing the User object in the session, the change in status 
won''t be picked up by already existing sessions.

If you just have the user id in the session and load the object on each 
request cycle this problem is avoided.

-jc

sbellware wrote:
> Smaller I grok.  The simpler part depends on what''s involved in
> cleaning session state for the number of state items supporting a
> completed task flow that requires multiple requests.
>
> If a given task flow''s session state is stored as a single item,
it''s
> much easier to avoid what amounts to orphaned global memory variables.
>
> Clearing an instance of a LoanApplication object (not a model object)
> from session state is easier to code, easier to test, and easier to
> assure than clearing 10, 20, 50, or what ever number of individual
> session state slots.
>
> My notion here is that one session state slot per interaction is a
> cleaner pattern - regardless of the platofrm.. be it Rails, ASP, JSP,
> etc.
>
> If there are serious technical limitations to storing a state value
> object in session state in Rails, I''d love to hear them.  If
we''re
> talking about a culturally-embedded reticence to this pattern, it
> might be valuable to crack that nut open in community dialog...
>
> Thanks,
> Scott
>
>
> On Aug 16, 1:25 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>   
>> They''re simpler and smaller.  I''m not quite sure how
else to explain it.
>>
>> Pat
>>
>> On 8/16/07, sbellware
<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>
>>
>>
>>     
>>> Thanks for the reply, Pat.
>>>       
>>> I''m still not sure *why* I''m better off though.
>>>       
>>> -s
>>>       
>>> On Aug 14, 10:48 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>>       
>>>> On
8/14/07,sbellware<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>>>>         
>>>>> Hi Folks,
>>>>>           
>>>>> I''m still a bit confused about the issue of
storing "complex" objects
>>>>> in session state rather than storing simple objects.
>>>>>           
>>>>> It''s my understanding that everything is an object
in Ruby.  If my
>>>>> understanding is correct, then storing a string or an
integer in
>>>>> session means storing an object.
>>>>>           
>>>>> It would seem then that the problem of storing objects in
session is a
>>>>> matter of how "complex" those objects are, and
that problems may arise
>>>>> due if much work is required by the runtime to unmarshal
larger
>>>>> amounts of structured data.
>>>>>           
>>>>> With this is mind, how "bad" would it be to store
the following in
>>>>> session:
>>>>> Struct.new("User", :name,
:role).new("jdoe", "admin")
>>>>>           
>>>>> I would prefer to keep the data pertaining to
"user" (in this case)
>>>>> encapsulated in a single struct and to store that struct in
session.
>>>>> Is this categorically a bad thing to do?
>>>>>           
>>>>> Thanks,
>>>>> Scott
>>>>>           
>>>> I think you''d be better off with
>>>>         
>>>> session[:user_name] = "jdoe"
>>>> session[:user_role] = "admin"
>>>>         
>>>> and if your users are in the db, you''d be far better
off just sticking
>>>> the id in the session.
>>>>         
>>>> Whatever you do, you''ll want to create some kind of
current_user and
>>>> current_user= methods to encapsulate the access.  That way you
can
>>>> change it around all you want.
>>>>         
>>>> Pat
>>>>         
>
>
> >
>   
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

JC,

User is a bit of an edge case since it has the special concurrency
considerations that you''re talking about.

But for the sake of argument, if I have a threat model for the app
that suggests that instantaneous restrictions placed on a user when an
admin deactivates the user are not necessary, then I don''t need to hit
the database with each request to get the user''s permissions.  The
permissions and roles can live in session state along with the
username.

In situations like this, I''ve also stored user roles in an encrypted
authentication ticket with an expiration time different than the
session timeout.  I wouldn''t necessarily assume a need to have the
freshest possible access control information for a user unless the
requirements called for it.

I don''t think that this is an entirely realistic solution for every
app, but I''m putting it out there to suggest that there are threat
models that allow for some latency when a user is deactivated.

Ultimately, my question still remains about using a single state value
object for task flow state for a task flow that requires multiple
requests to fulfill.

I''d like to feel good about using state value objects rather than
using a myriad of individual session slots.  I''m still not clear on
the technical limitations of doing this in Rails.

Thanks again,
Scott



On Aug 16, 2:03 pm, Jesse Clark
<je...-A0oBrSHlaufCENZMoErytg@public.gmane.org>
wrote:
> What if you are storing a model object in the session that could
> potentially be modified from more than one process? Say you have your
> User object in the session and an Admin disables that User. If you are
> just referencing the User object in the session, the change in status
> won''t be picked up by already existing sessions.
>
> If you just have the user id in the session and load the object on each
> request cycle this problem is avoided.
>
> -jc
>
> sbellware wrote:
> > Smaller I grok.  The simpler part depends on what''s involved
in
> > cleaning session state for the number of state items supporting a
> > completed task flow that requires multiple requests.
>
> > If a given task flow''s session state is stored as a single
item, it''s
> > much easier to avoid what amounts to orphaned global memory variables.
>
> > Clearing an instance of a LoanApplication object (not a model object)
> > from session state is easier to code, easier to test, and easier to
> > assure than clearing 10, 20, 50, or what ever number of individual
> > session state slots.
>
> > My notion here is that one session state slot per interaction is a
> > cleaner pattern - regardless of the platofrm.. be it Rails, ASP, JSP,
> > etc.
>
> > If there are serious technical limitations to storing a state value
> > object in session state in Rails, I''d love to hear them.  If
we''re
> > talking about a culturally-embedded reticence to this pattern, it
> > might be valuable to crack that nut open in community dialog...
>
> > Thanks,
> > Scott
>
> > On Aug 16, 1:25 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> >> They''re simpler and smaller.  I''m not quite sure
how else to explain it.
>
> >> Pat
>
> >> On 8/16/07, sbellware
<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> >>> Thanks for the reply, Pat.
>
> >>> I''m still not sure *why* I''m better off
though.
>
> >>> -s
>
> >>> On Aug 14, 10:48 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> >>>> On
8/14/07,sbellware<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
> >>>>> Hi Folks,
>
> >>>>> I''m still a bit confused about the issue of
storing "complex" objects
> >>>>> in session state rather than storing simple objects.
>
> >>>>> It''s my understanding that everything is an
object in Ruby.  If my
> >>>>> understanding is correct, then storing a string or an
integer in
> >>>>> session means storing an object.
>
> >>>>> It would seem then that the problem of storing objects
in session is a
> >>>>> matter of how "complex" those objects are,
and that problems may arise
> >>>>> due if much work is required by the runtime to
unmarshal larger
> >>>>> amounts of structured data.
>
> >>>>> With this is mind, how "bad" would it be to
store the following in
> >>>>> session:
> >>>>> Struct.new("User", :name,
:role).new("jdoe", "admin")
>
> >>>>> I would prefer to keep the data pertaining to
"user" (in this case)
> >>>>> encapsulated in a single struct and to store that
struct in session.
> >>>>> Is this categorically a bad thing to do?
>
> >>>>> Thanks,
> >>>>> Scott
>
> >>>> I think you''d be better off with
>
> >>>> session[:user_name] = "jdoe"
> >>>> session[:user_role] = "admin"
>
> >>>> and if your users are in the db, you''d be far
better off just sticking
> >>>> the id in the session.
>
> >>>> Whatever you do, you''ll want to create some kind
of current_user and
> >>>> current_user= methods to encapsulate the access.  That way
you can
> >>>> change it around all you want.
>
> >>>> Pat

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

sbellware wrote:
> Smaller I grok.  The simpler part depends on what''s involved in
> cleaning session state for the number of state items supporting a
> completed task flow that requires multiple requests.
> 
> If a given task flow''s session state is stored as a single item,
it''s
> much easier to avoid what amounts to orphaned global memory variables.
> 
> Clearing an instance of a LoanApplication object (not a model object)
> from session state is easier to code, easier to test, and easier to
> assure than clearing 10, 20, 50, or what ever number of individual
> session state slots.
> 
> My notion here is that one session state slot per interaction is a
> cleaner pattern - regardless of the platofrm.. be it Rails, ASP, JSP,
> etc.
> 
> If there are serious technical limitations to storing a state value
> object in session state in Rails, I''d love to hear them.  If
we''re
> talking about a culturally-embedded reticence to this pattern, it
> might be valuable to crack that nut open in community dialog...
One argument against storing larger things in the session could be that 
the session is unmarshalled on each request thus requiring a potentially 
severe overhead for requests not related to the thing you are storing in 
the session. Actually I haven''t read the source so I don''t
know if the
session object is lazily initialized so thight might me a non-issue.

Another concern is in regard to changes to code. If you decide to change 
the structure of the object old sessions will turn stale when you update 
the code. That may or may not be an issue depending on the use case.

I do agree that having a ton of session variables is also a bad thing. 
It''s all to easy to forget about some of these. I prefer putting stuff 
in the database and keeping the amount of information in the session to 
a bare minimum. I have a hunch the ideas behind REST may be helpful in 
this regard.

-- 
Cheers,
- Jacob Atzen

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Sure, there are definitely ways to handle the issues around storing 
objects in the session. I was just pointing out one of the potential 
issues with it.

There is nothing inherently bad about storing things in the session. The 
session exists so we can fake out having stateful applications using a 
stateless protocol. In AWD they say of the session, "You can store 
anything you want, subject to a few restrictions and caveats." So, it is 
up to the developer to be aware of the caveats and decide what is 
acceptable to store in the session given the situation they are coding for.

I also agree that if you are going to store a set of related data in the 
session it is better to have it contained in an Object of some sort 
referenced by a  single key ( e.g. session[:my_object] = MyObject.new( 
some_stuff ) ) as opposed to session[:user_name] = ''foo'', 
session[user_role] = ''bar'' & etc.

-jc

sbellware wrote:
> JC,
>
> User is a bit of an edge case since it has the special concurrency
> considerations that you''re talking about.
>
> But for the sake of argument, if I have a threat model for the app
> that suggests that instantaneous restrictions placed on a user when an
> admin deactivates the user are not necessary, then I don''t need to
hit
> the database with each request to get the user''s permissions.  The
> permissions and roles can live in session state along with the
> username.
>
> In situations like this, I''ve also stored user roles in an
encrypted
> authentication ticket with an expiration time different than the
> session timeout.  I wouldn''t necessarily assume a need to have the
> freshest possible access control information for a user unless the
> requirements called for it.
>
> I don''t think that this is an entirely realistic solution for
every
> app, but I''m putting it out there to suggest that there are threat
> models that allow for some latency when a user is deactivated.
>
> Ultimately, my question still remains about using a single state value
> object for task flow state for a task flow that requires multiple
> requests to fulfill.
>
> I''d like to feel good about using state value objects rather than
> using a myriad of individual session slots.  I''m still not clear
on
> the technical limitations of doing this in Rails.
>
> Thanks again,
> Scott
>
>
>
> On Aug 16, 2:03 pm, Jesse Clark
<je...-A0oBrSHlaufCENZMoErytg@public.gmane.org> wrote:
>   
>> What if you are storing a model object in the session that could
>> potentially be modified from more than one process? Say you have your
>> User object in the session and an Admin disables that User. If you are
>> just referencing the User object in the session, the change in status
>> won''t be picked up by already existing sessions.
>>
>> If you just have the user id in the session and load the object on each
>> request cycle this problem is avoided.
>>
>> -jc
>>
>> sbellware wrote:
>>     
>>> Smaller I grok.  The simpler part depends on what''s
involved in
>>> cleaning session state for the number of state items supporting a
>>> completed task flow that requires multiple requests.
>>>       
>>> If a given task flow''s session state is stored as a single
item, it''s
>>> much easier to avoid what amounts to orphaned global memory
variables.
>>>       
>>> Clearing an instance of a LoanApplication object (not a model
object)
>>> from session state is easier to code, easier to test, and easier to
>>> assure than clearing 10, 20, 50, or what ever number of individual
>>> session state slots.
>>>       
>>> My notion here is that one session state slot per interaction is a
>>> cleaner pattern - regardless of the platofrm.. be it Rails, ASP,
JSP,
>>> etc.
>>>       
>>> If there are serious technical limitations to storing a state value
>>> object in session state in Rails, I''d love to hear them. 
If we''re
>>> talking about a culturally-embedded reticence to this pattern, it
>>> might be valuable to crack that nut open in community dialog...
>>>       
>>> Thanks,
>>> Scott
>>>       
>>> On Aug 16, 1:25 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>>       
>>>> They''re simpler and smaller.  I''m not quite
sure how else to explain it.
>>>>         
>>>> Pat
>>>>         
>>>> On 8/16/07, sbellware
<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>>>         
>>>>> Thanks for the reply, Pat.
>>>>>           
>>>>> I''m still not sure *why* I''m better off
though.
>>>>>           
>>>>> -s
>>>>>           
>>>>> On Aug 14, 10:48 pm, "Pat Maddox"
<perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>>>>           
>>>>>> On
8/14/07,sbellware<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>>>>>>             
>>>>>>> Hi Folks,
>>>>>>>               
>>>>>>> I''m still a bit confused about the issue
of storing "complex" objects
>>>>>>> in session state rather than storing simple
objects.
>>>>>>>               
>>>>>>> It''s my understanding that everything is
an object in Ruby.  If my
>>>>>>> understanding is correct, then storing a string or
an integer in
>>>>>>> session means storing an object.
>>>>>>>               
>>>>>>> It would seem then that the problem of storing
objects in session is a
>>>>>>> matter of how "complex" those objects
are, and that problems may arise
>>>>>>> due if much work is required by the runtime to
unmarshal larger
>>>>>>> amounts of structured data.
>>>>>>>               
>>>>>>> With this is mind, how "bad" would it be
to store the following in
>>>>>>> session:
>>>>>>> Struct.new("User", :name,
:role).new("jdoe", "admin")
>>>>>>>               
>>>>>>> I would prefer to keep the data pertaining to
"user" (in this case)
>>>>>>> encapsulated in a single struct and to store that
struct in session.
>>>>>>> Is this categorically a bad thing to do?
>>>>>>>               
>>>>>>> Thanks,
>>>>>>> Scott
>>>>>>>               
>>>>>> I think you''d be better off with
>>>>>>             
>>>>>> session[:user_name] = "jdoe"
>>>>>> session[:user_role] = "admin"
>>>>>>             
>>>>>> and if your users are in the db, you''d be far
better off just sticking
>>>>>> the id in the session.
>>>>>>             
>>>>>> Whatever you do, you''ll want to create some
kind of current_user and
>>>>>> current_user= methods to encapsulate the access.  That
way you can
>>>>>> change it around all you want.
>>>>>>             
>>>>>> Pat
>>>>>>             
>
>
> >
>   
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Aug 14, 7:03 pm, sbellware
<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hi Folks,
>
> I''m still a bit confused about the issue of storing
"complex" objects
> in session state rather than storing simple objects.
>
> It''s my understanding that everything is an object in Ruby.  If my
> understanding is correct, then storing a string or an integer in
> session means storing an object.
>
> It would seem then that the problem of storing objects in session is a
> matter of how "complex" those objects are, and that problems may
arise
> due if much work is required by the runtime to unmarshal larger
> amounts of structured data.
>
> With this is mind, how "bad" would it be to store the following
in
> session:
> Struct.new("User", :name, :role).new("jdoe",
"admin")
>
> I would prefer to keep the data pertaining to "user" (in this
case)
> encapsulated in a single struct and to store that struct in session.
> Is this categorically a bad thing to do?
>
> Thanks,
> Scott
The main reason for not putting complex objects in the session,
complex typically being defined as Model (ActiveRecord) objects, is
that the marshalling code is so smart it''s dumb.  If it encounters a
model attribute that doesn''t exist anymore, it''ll typically
blow up,
and unless you want all your users sessions invalidated by your rescue
code, you don''t want this happening.  I''ve seen some good
discussions
on this "out there", just look around, you''ll probably find
some.

That being said, let''s address your "keeping it encapsulated"
desire...

Models don''t have to be ActiveRecord based, and they don''t
have to be
stored as objects in the session.  Create yourself a CurrentUser model
that manipulates a session[:current_user] key in the session and have
that be a hash, like session[:current_user][:id] and
session[:current_user][:user_name].  Have that CurrentUser model be a
singleton or a normal object that is instantiated by a before_filter,
either way, both work just as well but the singleton design applies
better in my mind to the problem at hand.  A little meta-programming
gives you the ability to define the attribute that''ll be stored in the
session with something similar to attr_accessor.  There, it''s all nice
and encapsulated.

Cleanup, easy, session.delete(:current_user) or whatever you''re usage
requires.

Just remember one very important thing, a Model is what you need it to
be, it encapsulates things that would be ugly, unclean, and just plain
wrong to put elsewhere into very nice, compact packages ... of your
design.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Many thanks for these thoughtful replies!

-s

On Aug 17, 1:04 am, Chris
<wade.christop...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Aug 14, 7:03 pm, sbellware
<sbellw...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
> > Hi Folks,
>
> > I''m still a bit confused about the issue of storing
"complex" objects
> > in sessionstaterather than storing simple objects.
>
> > It''s my understanding that everything is an object in Ruby. 
If my
> > understanding is correct, then storing a string or an integer in
> > session means storing an object.
>
> > It would seem then that the problem of storing objects in session is a
> > matter of how "complex" those objects are, and that problems
may arise
> > due if much work is required by the runtime to unmarshal larger
> > amounts of structured data.
>
> > With this is mind, how "bad" would it be to store the
following in
> > session:
> > Struct.new("User", :name, :role).new("jdoe",
"admin")
>
> > I would prefer to keep the data pertaining to "user" (in
this case)
> > encapsulated in a single struct and to store that struct in session.
> > Is this categorically a bad thing to do?
>
> > Thanks,
> > Scott
>
> The main reason for not putting complex objects in the session,
> complex typically being defined as Model (ActiveRecord) objects, is
> that the marshalling code is so smart it''s dumb.  If it encounters
a
> model attribute that doesn''t exist anymore, it''ll
typically blow up,
> and unless you want all your users sessions invalidated by your rescue
> code, you don''t want this happening.  I''ve seen some good
discussions
> on this "out there", just look around, you''ll probably
find some.
>
> That being said, let''s address your "keeping it
encapsulated"
> desire...
>
> Models don''t have to be ActiveRecord based, and they
don''t have to be
> stored as objects in the session.  Create yourself a CurrentUser model
> that manipulates a session[:current_user] key in the session and have
> that be a hash, like session[:current_user][:id] and
> session[:current_user][:user_name].  Have that CurrentUser model be a
> singleton or a normal object that is instantiated by a before_filter,
> either way, both work just as well but the singleton design applies
> better in my mind to the problem at hand.  A little meta-programming
> gives you the ability to define the attribute that''ll be stored in
the
> session with something similar to attr_accessor.  There, it''s all
nice
> and encapsulated.
>
> Cleanup, easy, session.delete(:current_user) or whatever you''re
usage
> requires.
>
> Just remember one very important thing, a Model is what you need it to
> be, it encapsulates things that would be ugly, unclean, and just plain
> wrong to put elsewhere into very nice, compact packages ... of your
> design.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---