I need to enable/disable sessions based on the incoming IP address.
Any request coming from the IP that Rails is running from needs to
have session :off, other IPs can create a session.
Right now I''m just using a hard coded address of the system Rails is
running on--I''ll work out acquiring that dynamically as the next step.
Neither of these worked for me, and actually that makes sense now, so
what would be the way to do it?
--------------
class ApplicationController < ActionController::Base
if request.remote_ip == ''x.x.x.x'' # === request not
available here
session :off
end
--------------
class ApplicationController < ActionController::Base
before_filter :check_request_source
def check_request_source
if request.remote_ip == ''206.82.195.150''
session :off # === session not available here
end
end
-- gw
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
> Neither of these worked for me, and actually that makes sense now, so > what would be the way to do it? >Assuming the :only, :except and :session_secure options are not enough, you can also do session :off, :if => Proc.new { |req| ... } req is the request object ( so req.parameters is the parameters hash , and i would imagine that req.remote_ip would be there too. Fred> -------------- > class ApplicationController < ActionController::Base > > if request.remote_ip == ''x.x.x.x'' # === request not available here > session :off > end > > -------------- > class ApplicationController < ActionController::Base > > before_filter :check_request_source > > def check_request_source > if request.remote_ip == ''206.82.195.150'' > session :off # === session not available here > end > end > > -- gw--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On May 22, 2008, at 1:02 PM, Frederick Cheung wrote:>> Neither of these worked for me, and actually that makes sense now, so >> what would be the way to do it? > > Assuming the :only, :except and :session_secure options are not > enough, you can also do > > session :off, :if => Proc.new { |req| ... } > > req is the request object ( so req.parameters is the parameters hash , > and i would imagine that req.remote_ip would be there too.Hmm. Looked promising, but these both cause 503 errors, so I figure I don''t have some syntax twist correct. session :off, :if => Proc.new { |req| req.remote_ip == ''x.x.x.x'' } session :off, :if => Proc.new { |req| req.parameters[:remote_ip] == ''x.x.x.x'' } -- gw --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 22 May 2008, at 21:54, Greg Willits wrote:> > On May 22, 2008, at 1:02 PM, Frederick Cheung wrote: > >>> Neither of these worked for me, and actually that makes sense now, >>> so >>> what would be the way to do it? >> >> Assuming the :only, :except and :session_secure options are not >> enough, you can also do >> >> session :off, :if => Proc.new { |req| ... } >> >> req is the request object ( so req.parameters is the parameters >> hash , >> and i would imagine that req.remote_ip would be there too. > > Hmm. Looked promising, but these both cause 503 errors, so I figure I > don''t have some syntax twist correct. > > session :off, :if => Proc.new { |req| req.remote_ip == ''x.x.x.x'' } > session :off, :if => Proc.new { |req| req.parameters[:remote_ip] => ''x.x.x.x'' }The first looks about right to me and works on a rails 2.0.2 app. What the actual ruby error ? Fred --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Greg Willits wrote:> On May 22, 2008, at 1:02 PM, Frederick Cheung wrote: > >>> Neither of these worked for me, and actually that makes sense now, so >>> what would be the way to do it? >> >> Assuming the :only, :except and :session_secure options are not >> enough, you can also do >> >> session :off, :if => Proc.new { |req| ... } >> >> req is the request object ( so req.parameters is the parameters hash , >> and i would imagine that req.remote_ip would be there too. > > Hmm. Looked promising, but these both cause 503 errors, so I figure I > don''t have some syntax twist correct. > > session :off, :if => Proc.new { |req| req.remote_ip == ''x.x.x.x'' } > session :off, :if => Proc.new { |req| req.parameters[:remote_ip] => ''x.x.x.x'' } > > -- gwThis seems to work great for me: session :off, :if => Proc.new { |req| req.remote_ip == ''127.0.0.1'' } Check your log to see what the error is. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> On 22 May 2008, at 21:54, Greg Willits wrote:>>> session :off, :if => Proc.new { |req| ... }>> Hmm. Looked promising, but these both cause 503 errors, so I figure I >> don''t have some syntax twist correct. >> >> session :off, :if => Proc.new { |req| req.remote_ip == ''x.x.x.x'' } >> session :off, :if => Proc.new { |req| req.parameters[:remote_ip] =>> ''x.x.x.x'' } > > The first looks about right to me and works on a rails 2.0.2 app. What > the actual ruby error ?It does work in local dev, but not in production. No errors or messages of any kind logged to either production.log nor the mongrel. This was actually an attempt at a stop gap anyway. I probably just need to focus on getting to the root problem: excesssive empty session being generated by something pinging the home page of the application. I''ve removed/disabled all sources I can think of (load balancer monitors, nagios, monit, etc). The last thing I can think of is that mongrel itself is generating pings. As a band-aid, I was hoping to eliminate the session by IP filtering for now, but that appears to interfere with something. It''s an app I''ve inherited, written by folks new to Rails themselves, and has some stuff I haven''t yet fully figured out. Anyway... original question answered. Thanks. -- gw --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I need to resurrect this one.
I had switched to mod_rails, and was able to use this
session :off, :if=>Proc.new {|req| req.remote_ip ==
''x.x.x.x''}
to do the filtering I said I needed in my original post.
However, mod_rails is breaking other pieces of my application, and I
need to go back to a mongrel_cluster.
Another however... that session statement is causing the app to crash
when run under mongrel -- but only when run in production. Seems to
work OK in development.
There is no error message in either production.log or in mongrel.log
I''m hoping someone has some debugging ideas.
-- gw
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Greg Willits wrote:> There is no error message in either production.log or in mongrel.log > I''m hoping someone has some debugging ideas.I managed to force an error, but essentially all I am getting is that some code further in the page which uses session_id gripes that it is not available because there is no sesion object. So, it''s like the if statement is turning sessions off for all requests, not just the filtered ones. Why this would be different under mod_rails vs mongrel, I juat can''t even guess. -- gw -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
(didn''t see this come back to the list)
I need to resurrect this one.
I had switched to mod_rails, and was able to use this
session :off, :if=>Proc.new {|req| req.remote_ip ==
''x.x.x.x''}
to do the filtering I said I needed in my original post.
However, mod_rails is breaking other pieces of my application, and I
need to go back to a mongrel_cluster.
Another however... that session statement is causing the app to crash
when run under mongrel -- but only when run in production. Seems to
work OK in development.
There is no error message in either production.log or in mongrel.log
I''m hoping someone has some debugging ideas.
-- gw
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---