i have some questions about sessions store, actually im using cookie based authentication. But i need a way to know if someone is logged in or not, so that''s why i need DB store sessions, but my question is, is the a way of making this sessions expire like cookies, or beeing permanent as cookies? is it safer or less? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
> But i need a way to know if someone is logged in > or not, so that''s why i need DB store sessions,Why does that require DB store? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
how could I get if a user if connected or not? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
You could simply do this:
def some_action
...
cookies[:signed_in] = ''yes''
end
def another_action
if cookies[:signed_in] == ''yes''
#show all the user''s secrets
end
end
However, that''s not very secure.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
if cookies is permanent i cant verify if signed in is true or false -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Read this: http://ruby.railstutorial.org/chapters/sign-in-sign-out#sec:sessions -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
i dont need the cookie for the current user, but for every user. So a user can see if someone else is connected or not -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Aug 14, 2011, at 9:55 PM, Tomas R. wrote:> i dont need the cookie for the current user, but for every user. So a > user can see if someone else is connected or notRead up on storing the session in a database in the Rails Guide. That way you can query the database to find out who''s on line. Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Tomas R. wrote in post #1016683:> i dont need the cookie for the current user, but for every user. >Adding requirements at this late date voids our contract. I quit. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Aug 13, 10:59 pm, "Tomas R." <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> i have some questions about sessions store, actually im using cookie > based authentication. But i need a way to know if someone is logged in > or not, so that''s why i need DB store sessions, but my question is, is > the a way of making this sessions expire like cookies, or beeing > permanent as cookies? is it safer or less? >db store sessions are still backed by cookies (except that the cookie now contains the identifier for a database row) so the sessions will expire as a cookie based one would too. You can however forcefully expire sessions by deleting rows from your sessions table. You still won''t be able to detect whether a user has lost their session by quitting their browser without logging out from within your app though. Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 15 Aug 2011, at 11:54, Frederick Cheung wrote:> On Aug 13, 10:59 pm, "Tomas R." <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote: >> i have some questions about sessions store, actually im using cookie >> based authentication. But i need a way to know if someone is logged >> in >> or not, so that''s why i need DB store sessions, but my question is, >> is >> the a way of making this sessions expire like cookies, or beeing >> permanent as cookies? is it safer or less? >> > db store sessions are still backed by cookies (except that the cookie > now contains the identifier for a database row) so the sessions will > expire as a cookie based one would too. You can however forcefully > expire sessions by deleting rows from your sessions table. > You still won''t be able to detect whether a user has lost their > session by quitting their browser without logging out from within your > app though.Exactly. What most CMS and forum apps do is check the updated_at column from the sessions table and when someone has been accessing the site within xx minutes, it assumes they are online. You could just as well do it by touching the user object using the cookie store in your authenticate method (maybe in a more performant way than activerecord''s, but that''s up to you). If you''re insisting on using the db session store, you''re probably cleaning out stale sessions that are older than xx days, that''s where you "expire" your sessions. However, if online status is the only reason you want to use database sessions, you shouldn''t even switch. There''s better ways to tackle that problem. If you REALLY want instant feedback on whether someone is online or not, you''d have to implement something like Socket.IO (which uses websockets if available, falls back to whatever it can use if not such as Flash sockets). You then need to listen for the disconnect event on the server to know if a user went offline. If you''re totally in the dark when it comes to two-way communication, you could have a look at Faye (http://railscasts.com/episodes/260-messaging-with-faye). There''s some other solutions out there too (socketstream, …) or you can roll your own in e.g. NodeJS using Socket.IO. Best regards Peter De Berdt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.