Hi All, We use: config.action_controller.session_store = :active_record_store However, when hitting our system with say 10,000 API requests, we get 10,000 session objects in the database. Which seems like a big waste of resources. Is there a way to prevent this? Basically we want API requests to start with an empty in-memory-only session hash which is dropped after the request finishes. Somewhat related, we also don''t want to return an HTTP Header Set-Cookie: _session_id=...etc. Cheers, Jimmy PS. Using rails 2.3.11 -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Peter De Berdt
2011-Feb-15 11:31 UTC
Re: Prevent creation of session objects for API calls
On 15 Feb 2011, at 03:03, Jimmy wrote:> config.action_controller.session_store = :active_record_store > > However, when hitting our system with say 10,000 API requests, we get > 10,000 session objects in the database. Which seems like a big waste > of resources. > > Is there a way to prevent this? > > Basically we want API requests to start with an empty in-memory-only > session hash which is dropped after the request finishes. Somewhat > related, we also don''t want to return an HTTP Header Set-Cookie: > _session_id=...etc.Seems to me like you have no need for sessions at all, since you don''t want the session cookie set. In your API controller, just put "session :disabled => true" on top. If you do need sessions, I would suggest just skipping the active record store sessions completely and either moving on to the cookiebased store or a memcache store (which will automatically drop sessions once it hits the memory treshold iirc). Best regards Peter De Berdt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
> In your API controller, just put "session :disabled => true" on top.That''s a noop function, it results in a deprecation warning: "Disabling sessions for a single controller has been deprecated. Sessions are now lazy loaded. So if you don''t access them, consider them off. You can still modify the session cookie options with request.session_options."> If you do need sessions, I would suggest just skipping the active > record store sessions completely and either moving on to the > cookiebased store or a memcache store (which will automatically drop > sessions once it hits the memory treshold iirc).We do need sessions for browser requests. We specifically don''t want a cookie based store due to security issues with that. Memcache store might be an option, but then it''s still making unnecessary tcp/ip calls to find, create and update session objects for API requests which is a waste of resources. Cheers, Jimmy -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 15 February 2011 12:06, Jimmy <jimmy.soho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> >> In your API controller, just put "session :disabled => true" on top. > > That''s a noop function, it results in a deprecation warning: > > "Disabling sessions for a single controller has been deprecated. > Sessions are now lazy loaded. So if you don''t access them, consider > them off. You can still modify the session cookie options with > request.session_options."What that means, I believe, is that if you do not access the session then it will not be created. That implies that somewhere in your API requests you are accessing the session. Find that/them and remove the access to the session and no session will be created for those requests. Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.