Forum: Ruby on Rails reset_sessions how to?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
vimal (Guest)
on 2009-04-27 08:59
(Received via mailing list)
Hi,

    I am maintaining sessions for storing user informations.
    When i logout i clear the session using reset_session.

    Will the session be available if i kill the rails server?

    If yes, Why does this happen and how can i overcome this by
resetting the session?

    Please give me some suggestions, since i am stuck with this for a
long time

Regards,
Vimal Das
7stud -. (Guest)
on 2009-04-27 09:16
vimal wrote:
> Hi,
>
>     I am maintaining sessions for storing user informations.
>     When i logout i clear the session using reset_session.
>
>     Will the session be available if i kill the rails server?
>

Try it and let us know.
vimal (Guest)
on 2009-04-27 09:54
(Received via mailing list)
Hi,

  Thanks for pointing it out. I'm sorry, sometimes i ask some stupid
questions. since my english is weak . Forgive me :)

  My answer is yes, the session prevails though i kill the server.
  How can i overcome this by clearing the session information each
time the rails server is killed.

Thanks and Regards,
Vimal Das
7stud -. (Guest)
on 2009-04-27 10:47
vimal wrote:
> Hi,
>
>   Thanks for pointing it out. I'm sorry, sometimes i ask some stupid
> questions. since my english is weak . Forgive me :)
>
>   My answer is yes, the session prevails though i kill the server.
>   How can i overcome this by clearing the session information each
> time the rails server is killed.
>
> Thanks and Regards,
> Vimal Das

Have you tried:

rake db:sessions:clear
Frederick C. (Guest)
on 2009-04-27 11:42
(Received via mailing list)
On Apr 27, 5:58 am, vimal <removed_email_address@domain.invalid> wrote:
> Hi,
>
>     I am maintaining sessions for storing user informations.
>     When i logout i clear the session using reset_session.
>
>     Will the session be available if i kill the rails server?
>
>     If yes, Why does this happen and how can i overcome this by
> resetting the session?
>
Well reset_session should kill the session no matter what happens
afterwards.

Other than that, the session store persists across restarts. It pretty
much depends on what your session store is. If it is one of the server
side ones ( activerecord_store, MemcacheStore etc...) then you can
clear it out. If it is the cookie store (the default) then the session
is stored on the user's computer, so you can't delete it. You can
invalidate it by changing your session's secret (make sure you deal
with the exception that gets raised in those cases if you don't want
to confuse your users). Pretty much a manual process which ever store
you use.

Fred
vimal (Guest)
on 2009-04-27 12:17
(Received via mailing list)
> Have you tried:
>
> rake db:sessions:clear

it says -> uninitialized constant ActiveRecord

I am not using active_record for storing session information.
it is the cookie store session as Fred has suggested.

Would i be able to trap the Ctrl-c interrupt and then call
reset_session?
But i dont know the proper way to do it
Frederick C. (Guest)
on 2009-04-27 12:19
(Received via mailing list)
On Apr 27, 9:16 am, vimal <removed_email_address@domain.invalid> wrote:

> I am not using active_record for storing session information.
> it is the cookie store session as Fred has suggested.
>
> Would i be able to trap the Ctrl-c interrupt and then call
> reset_session?

reset_session only clears out the session associated with the current
request. Unless you are in the middle of processing a request it is
meaningless.

Fred
vimal (Guest)
on 2009-04-27 12:26
(Received via mailing list)
I have tried it before and got the same as you said.

>You can
>invalidate it by changing your session's secret (make sure you deal
>with the exception that gets raised in those cases if you don't want
>to confuse your users). Pretty much a manual process which ever store
>you use.

Anyway the above suggested solution is only possible if Ctrl-c
interrupt is trapped
and then routed to the proceedure

Regards,
Vimal Das
Colin L. (Guest)
on 2009-04-27 18:46
(Received via mailing list)
Possibly you could do it by changing the secret on starting the server
up
rather than when killing it off.
Colin

2009/4/27 vimal <removed_email_address@domain.invalid>
This topic is locked and can not be replied to.