Hello All, I would like to have my session be the database stored instead of browser. Please, could someone explain to me how to do this? Regards, Emeka -- *Satajanus Nig. Ltd * -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 26 May 2011, at 15:38, Emeka wrote:> I would like to have my session be the database stored instead of > browser. Please, could someone explain to me how to do this?http://guides.rubyonrails.org/action_controller_overview.html#session However, there''s very little to no reason why you would change to the ActiveRecordStore. The session should not even contain sensitive data to start off with, that''s not what it''s made for. It''s also not meant to be used as a garbage can for heaps of data. If that''s the reason why you want to switch to the ActiveRecordStore, then you should stop for a second and rethink what you are putting in the session and put it somewhere else. Also, keep in mind that when you switch to the ActiveRecordStore: - You will need to clean the expired sessions on regular intervals yourself - You will be hitting the database a lot more often on every request, a waste of server resources in my opinion Best regards Peter De Berdt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
And if it''s for a multi-server web farm, you''re way better off with sticky sessions on the load balancer than a shared persistent session store. And if you can''t afford to ever lose any of the data you''re currently saving in session even in the rare event of server fail over, you should be taking the performance hit and associating that to a persistent user profile in the database. Best Wishes, Peter On May 26, 2011, at 11:08 AM, Peter De Berdt wrote:> > On 26 May 2011, at 15:38, Emeka wrote: > >> I would like to have my session be the database stored instead of browser. Please, could someone explain to me how to do this? > > http://guides.rubyonrails.org/action_controller_overview.html#session > > However, there''s very little to no reason why you would change to the ActiveRecordStore. The session should not even contain sensitive data to start off with, that''s not what it''s made for. It''s also not meant to be used as a garbage can for heaps of data. If that''s the reason why you want to switch to the ActiveRecordStore, then you should stop for a second and rethink what you are putting in the session and put it somewhere else. > > Also, keep in mind that when you switch to the ActiveRecordStore: > - You will need to clean the expired sessions on regular intervals yourself > - You will be hitting the database a lot more often on every request, a waste of server resources in my opinion > > > > > Best regards > > Peter De Berdt > > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
There''s absolutely no reason that I can think of for you to store
sessions in the database. As was stated previously, you shouldn''t
store
any personal data in the session. Don''t be afraid to use cookies!
When
implemented properly, you should have nothing to fear.
Here''s an example you can do with your session_store.rb file. I even
added a gist so you can see the formatting better.
/config/session_store.rb
Yourapp::Application.config.session_store :cookie_store
Yourapp::Application.config.session = {
:key => ''_yourapp_session'', # name of
cookie that
stores the data
:domain => nil, # you can share between
subdomains here: ''.subdomain.com''
:expire_after => 1.month, # expire cookie
:secure => false, # for https its true
:httponly => true, # a measure against XSS
attacks, prevent client side scripts from accessing the cookie
:secret => ''YOUR SECRET GOES HERE'' # RUN RAKE
SECRET to
generate secret
}
You can read it better by going to this gist:
https://gist.github.com/993390
Hope that helps.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Thanks you all, I have repented. I am a new being now =) On Thu, May 26, 2011 at 4:52 PM, Alpha Blue <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> There''s absolutely no reason that I can think of for you to store > sessions in the database. As was stated previously, you shouldn''t store > any personal data in the session. Don''t be afraid to use cookies! When > implemented properly, you should have nothing to fear. > > Here''s an example you can do with your session_store.rb file. I even > added a gist so you can see the formatting better. > > /config/session_store.rb > > Yourapp::Application.config.session_store :cookie_store > > Yourapp::Application.config.session = { > :key => ''_yourapp_session'', # name of cookie that > stores the data > :domain => nil, # you can share between > subdomains here: ''.subdomain.com'' > :expire_after => 1.month, # expire cookie > :secure => false, # for https its true > :httponly => true, # a measure against XSS > attacks, prevent client side scripts from accessing the cookie > > :secret => ''YOUR SECRET GOES HERE'' # RUN RAKE SECRET to > generate secret > } > > You can read it better by going to this gist: > > https://gist.github.com/993390 > > Hope that helps. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > >-- *Satajanus Nig. Ltd * -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On May 26, 4:08 pm, Peter De Berdt <peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org> wrote:> On 26 May 2011, at 15:38, Emeka wrote: > > > I would like to have my session be the database stored instead of > > browser. Please, could someone explain to me how to do this? > > http://guides.rubyonrails.org/action_controller_overview.html#session > > However, there''s very little to no reason why you would change to the > ActiveRecordStore. The session should not even contain sensitive data > to start off with, that''s not what it''s made for. It''s also not meant > to be used as a garbage can for heaps of data. If that''s the reason > why you want to switch to the ActiveRecordStore, then you should stop > for a second and rethink what you are putting in the session and put > it somewhere else.The one issue i have occasionally had with cookie store is that in the presence of multiple concurrent requests altering the session then with the cookie store these requests tend to destroy each others changes to the session whereas with the database you can at least make a half decent attempt to merge changes (when the requests are changing different keys in the session). Fred> > Also, keep in mind that when you switch to the ActiveRecordStore: > - You will need to clean the expired sessions on regular intervals > yourself > - You will be hitting the database a lot more often on every request, > a waste of server resources in my opinion > > Best regards > > Peter De Berdt-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 26 May 2011 16:52, Alpha Blue <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Don''t be afraid to use cookies! When > implemented properly, you should have nothing to fear.Apart from the law in Europe: http://www.bbc.co.uk/news/13538306 -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On May 26, 2011, at 2:17 PM, Michael Pavling wrote:> On 26 May 2011 16:52, Alpha Blue <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote: >> Don''t be afraid to use cookies! When >> implemented properly, you should have nothing to fear. > > Apart from the law in Europe: > http://www.bbc.co.uk/news/13538306Depends. From the description on that site: "Cookies are designed to gather information about users, and these rules relate to code designed to help target advertisements - specifically when the information gathered is unrelated to the website being browsed." Sounds to me (IANAL, not even in Europe) as though the basic Rails cookie store would be completely kosher here. Walter> > -- > You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails- > talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org > . > For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en > . >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.