Rails - Jan 2011 - ActiveRecord Session Store problem with AuthLogic

I have asked about this problem elsewhere and have as yet not had any
answer.

I cannot determine what is wrong with our Session store
configuration.  In Rails2 we used AR store with AuthLogic without
problem.  When we switched to Rails3 we ended up using cookie store
because we could not get AR store to work.  Now I would like to
discover why we are having this problem and fix it.

What is NOT happening is that the session_id in the sessions model
is not being initialized.  Therefore we see this DBMS error:

      PGError: ERROR:  null value in column "session_id" violates
not-null constraint
      : INSERT INTO "sessions" ("session_id",
"updated_at",
"created_at", "lock_version", "data") VALUES
(NULL, .  .  .

We never explicitly set session_id in Rails2 and I cannot figure out
how to do so so now.  Does anyone know hat one must do to initialize
session_id from inside AuthLogic?

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

James Byrne wrote in post #975693:
> I have asked about this problem elsewhere and have as yet not had any
> answer.
>
> I cannot determine what is wrong with our Session store
> configuration.  In Rails2 we used AR store with AuthLogic without
> problem.  When we switched to Rails3 we ended up using cookie store
> because we could not get AR store to work.  Now I would like to
> discover why we are having this problem and fix it.
>
> What is NOT happening is that the session_id in the sessions model
> is not being initialized.  Therefore we see this DBMS error:
>
>       PGError: ERROR:  null value in column "session_id" violates
> not-null constraint
>       : INSERT INTO "sessions" ("session_id",
"updated_at",
> "created_at", "lock_version", "data") VALUES
(NULL, .  .  .
>
> We never explicitly set session_id in Rails2 and I cannot figure out
> how to do so so now.  Does anyone know hat one must do to initialize
> session_id from inside AuthLogic?
AFAIK the choice of session store should be independent of any 
authentication framework. Have you tried creating new blank Rails 3.0 
application and checking the session store configuration?

Here is what I see from doing so:

./initializers/session_store.rb
-----------------------------
# Be sure to restart your server when you modify this file.

# Demo::Application.config.session_store :cookie_store, :key => 
''_demo_session''

# Use the database for sessions instead of the cookie-based default,
# which shouldn''t be used to store highly confidential information
# (create the session table with "rails generate session_migration")
Demo::Application.config.session_store :active_record_store
-----------------------------

I simple commented out the cookie store config and replaced it with the 
AR session store config. then ran the generator as shown above.

./db/schema.rb
-----------------------------
  create_table "sessions", :force => true do |t|
    t.string   "session_id", :null => false
    t.text     "data"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

  add_index "sessions", ["session_id"], :name => 
"index_sessions_on_session_id"
  add_index "sessions", ["updated_at"], :name => 
"index_sessions_on_updated_at"
-----------------------------

./app/controllers/welome_controller.rb
-----------------------------
class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :force_session_use

private
  def force_session_use
    session[:user_id] = 1
  end
end
-----------------------------

A little code to force a value into the session.

./app/views/welcome/index.html.erb
-----------------------------
<h1>Welcome#index</h1>
<p>Session contains user_id: <%= session[:user_id] %></p>
-----------------------------

Read the value back from the session.

sessions table in database
-----------------------------
sqlite> select * from sessions;
id|session_id|data|created_at|updated_at
1|4e3b2648c9a9fb292fc45b756f7e8908|BAh7B0kiDHVzZXJfaWQGOgZFRmkGSSIQX2NzcmZfdG9rZW4GOwBGSSIxeTdI
VEdlRDJ1ZURQa0kwdEZOcjNaSi9wVE1NUVg5Y2ZyMDdQSTJXMWdWdz0GOwBG
|2011-01-18 20:07:12.597419|2011-01-18 20:07:12.597419
-----------------------------

And finally we get the session data stored in the database.

No AuthLogic or anything else involved. I''d check your session store 
configuration against what I showed here. Good luck.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Robert Walker wrote in post #975828:
>
> No AuthLogic or anything else involved. I''d check your session
store
> configuration against what I showed here. Good luck.
I have checked both the session store and the session migration.  I can 
see no problems there. The way we migrated from 2.3 to 3.0 was to first 
create a new Rails 3 application and then copy in the .git directory 
from the original.  We then reconciled all of the diffs. As far as I can 
determine, all of the cruft was left behind.

I have no doubt that AR Session Store works in a new Rails 3 application 
without AuthLogic.  But that is irrelevant.  The entire issue revolves 
around getting AuthLogic to work with AR Session Store.

I simply cannot get AR Session Store to work with our AuthLogic setup. I 
cannot discover why it works in Rails 2.3.8 and not in Rails 3.0.3.

Presumably, AuthLogic sets session.session_id to some value somewhere. 
However, AL uses an attribute called session_id to keep track of 
multiple concurrent sessions for the same user and I wonder if there is 
some problem that practice introduced in Rails3.

I have asked about this on the AL list when it first cropped up and I 
never received any reply.  Does anyone here happen to use AL and AR SS 
together on a Rails 3 project?

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

How does AR Session Store handle the case where there is no session?

In other words, some of the web pages that are produced by our 
application are meant to be publicly viewed without logging in.  This 
seems to be the problem.  It on the welcome page that the show action is 
causing the DBMS to throw a null entry error.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

James Byrne wrote in post #975862:
> How does AR Session Store handle the case where there is no session?
>
> In other words, some of the web pages that are produced by our
> application are meant to be publicly viewed without logging in.  This
> seems to be the problem.  It on the welcome page that the show action is
> causing the DBMS to throw a null entry error.
Sessions are independent of authentication. Authentication frameworks 
obviously use the session to keep track of the currently authenticated 
user, but that should be the extent of their interaction, AFAIK. 
Sessions are created where there is user login or not. Calling 
session[:some_key] will create a session if one does not already exist.

I don''t use AuthLogic myself, so if it is having issues with the
session
store then I can''t really help you.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Robert Walker wrote in post #975877:
>
> I don''t use AuthLogic myself,
I expect to be in the same situation shortly.  I am now looking at 
Devise.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 18, 10:31 pm, Robert Walker
<li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
> James Byrne wrote in post #975862:
>
> > How does AR Session Store handle the case where there is no session?
>
> > In other words, some of the web pages that are produced by our
> > application are meant to be publicly viewed without logging in.  This
> > seems to be the problem.  It on the welcome page that the show action
is
> > causing the DBMS to throw a null entry error.
>
> Sessions are independent of authentication. Authentication frameworks
> obviously use the session to keep track of the currently authenticated
> user, but that should be the extent of their interaction, AFAIK.
even that doesn''t have to be true - I seem to recall that authlogic
sets it''s own cookie with the user credentials it needs

Fred
> Sessions are created where there is user login or not. Calling
> session[:some_key] will create a session if one does not already exist.
>
> I don''t use AuthLogic myself, so if it is having issues with the
session
> store then I can''t really help you.
>
> --
> Posted viahttp://www.ruby-forum.com/.
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.