khagimoto
2010-Sep-27 19:22 UTC
Question RE: ActionController::Base.session and ActionController::Base.session_store
I had been using the cookie-based session until recently, then switched to using active_record_store (db) as it said: # Use the database for sessions instead of the cookie-based default, # which shouldn''t be used to store highly confidential information in the session_store.rb file. Everything works fine, but I don''t really understand why it''s still setting a cookie instead of just using the session db. Is that a normal behavior when using a database for session management? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
khagimoto
2010-Sep-27 19:36 UTC
Re: Question RE: ActionController::Base.session and ActionController::Base.session_store
I see the difference now - with the session_store db instead of the cookie, the cookie is a mere reference to the record in the db. So that makes it more secure than the cookie-based. But I still have a question about the life of the session record in the session db. It doesn''t seem to get deleted when the session ends. Is there a method to do that with this class? Thanks! -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
radhames brito
2010-Sep-27 19:54 UTC
Re: Re: Question RE: ActionController::Base.session and ActionController::Base.session_store
you are suppose to deleted manually, you can create a rake task and set up a crontab. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
khagimoto
2010-Sep-27 20:25 UTC
Re: Question RE: ActionController::Base.session and ActionController::Base.session_store
thanks, radhames brito. I was hoping it was done automagically somehow.. , but found a good reference.. :-) http://translated.by/you/rails-in-a-nutshell-chapter-2-action-controller/original/?page=2 -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.