Forum: Ruby on Rails Active Record Session expiration in Rails 2.3

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Nauhaie N. (Guest)
on 2009-02-02 11:16
Hi,

I cannot figure out how to let session cookies expire after let's say
two years. Note that I am *not* using CookieStore. I mean the cookie
referencing the Active Record Session.

Here is my config/environnement.rb

++++++++++++++

[...]

Rails::Initializer.run do |config|
[...]
  config.action_controller.session = {
    :key => "...",
    :secret=>"...",
    }

end

[...]

ActionController::Base.session_store = :active_record_store
ActionController::Base.session_options[:session_expires]=(Time.now+2.years)

++++++++++++++

Sessions are correctly stored in the database, but the cookie expires
when the browser is quit. I tried everything!

I used to rely on SQLSessionStore, which let my cookies expire as I
wanted, but since SQLSessionStore doesn't seem to work with 2.3...

If someone could help, it would be great!

Thank you
Nauhaie
Peter H. (Guest)
on 2009-02-02 12:25
(Received via mailing list)
Session cookies are supposed to expire when you quit the browser!

Ordinary cookies however are another matter entirely. I asked a
similar question (how to get non session cookies to be stored in the
database) a few days ago and got no answer.

Best of luck.
Nauhaie N. (Guest)
on 2009-02-02 14:00
Hi,

Thank you for your answer! However, I am sure it is possible to make
these session cookies stay! The option exists, and it always worked for
me until 2.3! I know ActiveRecord Session Store has been refactored in
this version (at least renamed), and I am sure this is merely a question
of setting the option in the wrong place!

Any idea?

Thank you
Nauhaie

Peter H. wrote:
> Session cookies are supposed to expire when you quit the browser!
>
> Ordinary cookies however are another matter entirely. I asked a
> similar question (how to get non session cookies to be stored in the
> database) a few days ago and got no answer.
>
> Best of luck.
Nauhaie N. (Guest)
on 2009-02-02 14:12
Oh, I found the reason

:session_expires has been replaced by :expire_after.

This now works:

ActionController::Base.session_options[:expire_after]=2.years
new on ror (Guest)
on 2009-04-29 14:41
(Received via mailing list)
Hello mate,

I'm wonder how to use database sessions store instead of cookies.
Rails 2.3

thx



On 2月2日, 上午10时16分, Nauhaie N. <removed_email_address@domain.invalid>
Robert W. (Guest)
on 2009-04-29 17:01
new on ror wrote:
> Hello mate,
>
> I'm wonder how to use database sessions store instead of cookies.
> Rails 2.3

environment.rb
----------
config.action_controller.session_store = :active_record_store
Robert W. (Guest)
on 2009-04-29 17:20
Robert W. wrote:
> new on ror wrote:
>> Hello mate,
>>
>> I'm wonder how to use database sessions store instead of cookies.
>> Rails 2.3
>
> environment.rb
> ----------
> config.action_controller.session_store = :active_record_store

What I wonder is what are the advantages of using an active record
session store?

I assume people do this for a few reasons:

1. Need to persist sessions between browser launches. I would consider
this in only in very rare cases. It's my opinion that session cookies in
their current form are even too lenient. An HTML 5 local session storage
object seems like the ideal choice, given that they limit a session to a
single browser window instance, having the same life-cycle and
encapsulation as the window. They also seem to fix a common problem with
cookies leaking out to other domains. Local storage objects are bound to
the domain that created them without the loopholes cookies allow. Too
bad this isn't yet a viable option, but hopefully one day will be.

2. Need to store more that 4K of session data. In most cases this
shouldn't be an issue given that it's good practice to keep sessions as
small as possible. And again HTML 5 local session storage eliminates
this limitation (something else to look forward to in the future).

3. Need to store sensitive data inside session objects. I cringe as I
write that. It just sounds like such a bad idea. But, I suppose that's
why encryption was invented.

What are some other reasons I've not listed here?
Marc H. (Guest)
on 2009-08-11 17:35
> What I wonder is what are the advantages of using an active record
> session store?
>
> I assume people do this for a few reasons:
>
> 1. Need to persist sessions between browser launches...ay will be.
>
> 2. Need to store more that 4K of session data...
>
> 3. Need to store sensitive data inside session objects...

4. Need multiple app servers to scale by using the same data store.

> What are some other reasons I've not listed here?
Maurício Linhares (Guest)
on 2009-08-11 17:37
(Received via mailing list)
On Tue, Aug 11, 2009 at 10:35 AM, Marc
Hassman<removed_email_address@domain.invalid> wrote:
> 4. Need multiple app servers to scale by using the same data store.

Cookie based session store does that without hitting your database
server.

-
Maurício Linhares
http://codeshooter.wordpress.com/ | http://twitter.com/mauriciojr
This topic is locked and can not be replied to.