Forum: Ruby on Rails Session ID too long

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
César D. (Guest)
on 2009-05-05 15:55
Hi,

I have a problem with the Session ID in my Rails application. I need to
store some data of anonymous users and then, when the session expires,
delete that information from de database.

I have a filter in some point of my application when I try to create an
anonymous user which I want to identify by its session_id. I read that
this session_id must be a 32 char length value, but, when I run the
application my session_id value is:

BAh7CToMY3NyZl9pZCIlYmE1ZWYxNzY3MzUwMjI2MzU0NWFhMWUxODZkZDY4M2U6EXNlYXJjaFN0cmluZyIJbmFkYToPdXBkYXRlZF9hdEl1OglUaW1lDatQG4BQk5jZBjofQG1hcnNoYWxfd2l0aF91dGNfY29lcmNpb25GIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--206695460a9e840bd0393690e0d8813ee46ce434

The code is:

def save_anonymus_user
      self.current_user = User.new(:login => "guest" +
session.session_id,
        :password => "guest", :confirm_password => "guest", :session_id
=> session.session_id)
  end

And when the session expires, I am using the session_lifetime plugin to
make some stuff like deleting the user from the database.

  expires_session :time => 5.minutes, :redirect_to => '/', :on_expiry =>
lambda {
    user = User.find_by_session_id(session.session_id)
    User.delete(user.id) unless user.nil?
  }

At this point, the session_id is a 32 char length value, as expected.

What is wrong with the session at the first point? I am lost.

Thanks!
Joshua P. (Guest)
on 2009-05-05 16:29
(Received via mailing list)
Yeah I got that problem too and I just alter the column to be varchar
(500) :-(

On May 5, 9:55 pm, César Díaz <removed_email_address@domain.invalid>
Maurício L. (Guest)
on 2009-05-05 16:30
(Received via mailing list)
Why aren't you guys using the cookie session store?

-
Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/
(en)
RSL (Guest)
on 2009-05-05 16:32
(Received via mailing list)
hey, unless yr storing the session in the db for some business
requirement
you might want to try out using the cookie session store that rails uses
by
default. it's a definite improvement over maintaining it yourself and
having
to sweep out behind old expired sessions.

RSL
César D. (Guest)
on 2009-05-05 20:36
Ok, I think that you are not understanding me or I am not understanding
you. My problem is not that I want to store the session in the database
or that the field for session id is too short.

I need the session_id because I want to have anonymous users in my
application. These anonymous users will have data in the database if
they do some operations through the front-end of the application, but
when these users had gone and their session expire, I want to delete the
data that I have stored from them. So, in the moment of the session
expiration, I think that I only can to access to the session_id, and
that is because I decide to identify the users with the session_id that
they are relationed to.

That is my intention, but I don't know if it is possible.

Any ideas?
This topic is locked and can not be replied to.