I''m trying to wrap my head around what information is session specific and what isn''t. If I do User::x = 1 will User::x == 1 for all sessions on the same machine? I think it is the same on the same, but I''d like confirmation. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
I believe class variables are shared between sessions and are unsafe storage for session-specific information. If you''re looking for session isolated variables which can be accessed anywhere in your app, try using Thread.current. On Jan 30, 3:25 pm, Ralph Shnelvar <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> I''m trying to wrap my head around what information is session specific > and what isn''t. > > If I do > User::x = 1 > will User::x == 1 for all sessions on the same machine? > > I think it is the same on the same, but I''d like confirmation. > -- > Posted viahttp://www.ruby-forum.com/.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jan 30, 7:25 am, Ralph Shnelvar <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> I''m trying to wrap my head around what information is session specific > and what isn''t. > > If I do > User::x = 1 > will User::x == 1 for all sessions on the same machine? > > I think it is the same on the same, but I''d like confirmation.It will be the same for all requests handled by that particular instances. If you have a pool of passenger/mongrel/thin/unicorn/etc instances then each one would have a different value. Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Frederick Cheung wrote:> If you have a pool of passenger/mongrel/thin/unicorn/etc > instances then each one would have a different value.Sigh ... more things for me to learn. Thanks for point that stuff out. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Sat, Jan 30, 2010 at 5:08 AM, Frederick Cheung <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > On Jan 30, 7:25 am, Ralph Shnelvar <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote: >> I''m trying to wrap my head around what information is session specific >> and what isn''t. >> >> If I do >> User::x = 1 >> will User::x == 1 for all sessions on the same machine? >> >> I think it is the same on the same, but I''d like confirmation. > > It will be the same for all requests handled by that particular > instances. If you have a pool of passenger/mongrel/thin/unicorn/etc > instances then each one would have a different value.And different requests for the same session might well run on different instances, so see different values. Same problem with the suggestion to use thread local variables made by a responder to this thread. I''m pretty sure that the only way to deal with values which have to be seen between requests is to either put them in some persistent storage on the server (e.g. the DB, SQL or noSQL), or in the session and let the browser give it back to you. -- Rick DeNatale Blog: http://talklikeaduck.denhaven2.com/ Twitter: http://twitter.com/RickDeNatale WWR: http://www.workingwithrails.com/person/9021-rick-denatale LinkedIn: http://www.linkedin.com/in/rickdenatale -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
> I''m pretty sure that the only way to deal with values which have to be > seen between requests is to either put them in some persistent storage > on the server (e.g. the DB, SQL or noSQL), or in the session and let > the browser give it back to you.So ... are "params" visible to 3rd parties if session management is done via a cookie-based approach? If using ActionController::Base.session_store = :active_record_store a better way to do things? If so ... why isn''t this the default? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jan 30, 2010, at 3:06 PM, Ralph Shnelvar wrote:> >> I''m pretty sure that the only way to deal with values which have to be >> seen between requests is to either put them in some persistent storage >> on the server (e.g. the DB, SQL or noSQL), or in the session and let >> the browser give it back to you. > > So ... are "params" visible to 3rd parties if session management is done > via a cookie-based approach? > If using ActionController::Base.session_store = :active_record_store a > better way to do things? If so ... why isn''t this the default?This is kind of old news, but read here to see why your cookie-based sessions are tamper resistant: http://www.rorsecurity.info/2007/11/20/rails-20-cookies/ With other session stores, you had to manually clean up periodically -- sweep up the expired cookies. It''s waaaaaaaay easier this way. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Jan 30, 2010, at 3:06 PM, Ralph Shnelvar wrote:> > So ... are "params" visible to 3rd parties if session management is done > via a cookie-based approach? > If using ActionController::Base.session_store = :active_record_store a > better way to do things? If so ... why isn''t this the default?Also read here, and in particular, consider DHH''s comment: http://blog.thinkrelevance.com/2008/1/27/latest-relevance-open-source-encrypted-cookie-store -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.