Wes Gamble
2008-Mar-14 20:59 UTC
How to enforce ActiveRecord session store with Rails 2.0.2?
All, Rails 2.0.2 SQL Server 2000 database SQL Server AR adapter 1.0 using ODBC Apparently the new default session store is cookie based. I was using the ActiveRecord based session store and would like to continue to do so. It appears that session data is not being written to my sessions table as used to be the case under 1.2.6. My environment.rb file has the following: Rails::Initializer.run do |config| ... config.action_controller.session_store = :active_record_store ... end Is this directive no longer sufficient for forcing the session store to be a DB table named "sessions"? If that is the case, what is the correct way to specify the AR session store? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Robert Walker
2008-Mar-14 22:34 UTC
Re: How to enforce ActiveRecord session store with Rails 2.0.2?
# Use the database for sessions instead of the cookie-based default, # which shouldn''t be used to store highly confidential information # (create the session table with ''rake db:sessions:create'') config.action_controller.session_store = :active_record_store Have uncommented this line in your config/environment.rb file? On Mar 14, 4:59 pm, Wes Gamble <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> All, > > Rails 2.0.2 > SQL Server 2000 database > SQL Server AR adapter 1.0 using ODBC > > Apparently the new default session store is cookie based. I was using > the ActiveRecord based session store and would like to continue to do > so. > > It appears that session data is not being written to my sessions table > as used to be the case under 1.2.6. > > My environment.rb file has the following: > > Rails::Initializer.run do |config| > ... > config.action_controller.session_store = :active_record_store > ... > end > > Is this directive no longer sufficient for forcing the session store to > be a DB table named "sessions"? If that is the case, what is the > correct way to specify the AR session store? > > Thanks, > Wes > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Robert Walker
2008-Mar-14 22:48 UTC
Re: How to enforce ActiveRecord session store with Rails 2.0.2?
I just created a simple test application and set it up to use the database for session storage. Step 1: config/environment.rb # Use the database for sessions instead of the cookie-based default, # which shouldn''t be used to store highly confidential information # (create the session table with ''rake db:sessions:create'') config.action_controller.session_store = :active_record_store Step 2: controllers/application.rb # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you''re not using the cookie session store protect_from_forgery :secret => ''5c0cf093b4866f589b91a08c048f7bfa'' This worked just fine in my test app. On Mar 14, 4:59 pm, Wes Gamble <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> All, > > Rails 2.0.2 > SQL Server 2000 database > SQL Server AR adapter 1.0 using ODBC > > Apparently the new default session store is cookie based. I was using > the ActiveRecord based session store and would like to continue to do > so. > > It appears that session data is not being written to my sessions table > as used to be the case under 1.2.6. > > My environment.rb file has the following: > > Rails::Initializer.run do |config| > ... > config.action_controller.session_store = :active_record_store > ... > end > > Is this directive no longer sufficient for forcing the session store to > be a DB table named "sessions"? If that is the case, what is the > correct way to specify the AR session store? > > Thanks, > Wes > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Wes Gamble
2008-Mar-15 06:51 UTC
Re: How to enforce ActiveRecord session store with Rails 2.0
> > Step 2: controllers/application.rb > # See ActionController::RequestForgeryProtection for details > # Uncomment the :secret if you''re not using the cookie session store > protect_from_forgery :secret => ''5c0cf093b4866f589b91a08c048f7bfa'' > > This worked just fine in my test app. >Is the protect_from_forgery setting necessary? Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Robert Walker
2008-Mar-15 14:05 UTC
Re: How to enforce ActiveRecord session store with Rails 2.0
Yes. On Mar 15, 2:51 am, Wes Gamble <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > Step 2: controllers/application.rb > > # See ActionController::RequestForgeryProtection for details > > # Uncomment the :secret if you''re not using the cookie session store > > protect_from_forgery :secret => ''5c0cf093b4866f589b91a08c048f7bfa'' > > > This worked just fine in my test app. > > Is the protect_from_forgery setting necessary? > > Wes > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Wes Gamble
2008-Mar-15 18:42 UTC
Re: How to enforce ActiveRecord session store with Rails 2.0
OK, so if I just copy and paste that line into my application.rb, I get the exception: ActionController::InvalidAuthenticityToken Obviously, this token needs to be generated somehow locally by me - can you point me at any documentation that explains how to do that? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Wes Gamble
2008-Mar-16 08:01 UTC
Re: How to enforce ActiveRecord session store with Rails 2.0
Robert Walker wrote:> I just created a simple test application and set it up to use the > database for session storage. > > Step 1: config/environment.rb > # Use the database for sessions instead of the cookie-based default, > # which shouldn''t be used to store highly confidential information > # (create the session table with ''rake db:sessions:create'') > config.action_controller.session_store = :active_record_store > > Step 2: controllers/application.rb > # See ActionController::RequestForgeryProtection for details > # Uncomment the :secret if you''re not using the cookie session store > protect_from_forgery :secret => ''5c0cf093b4866f589b91a08c048f7bfa'' > > This worked just fine in my test app.Which database server are you on? Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---