Forum: Ruby on Rails Persistent session cookies?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Henrik (Guest)
on 2006-01-09 01:35
It seems Rails sessions by default only last, well, a browsing session.
If the Rails app keeps track of logged-in state by sessions, that state
doesn't survive restarting the browser.

How best to change this behaviour, to make the session cookie live
forever, or at least beyond browser restarts?

It was suggested to me on IRC to combine sessions with code to generate
a unique id and then store that in a "normal cookie" as well as in the
DB, and then restore the session out of that, but that seems like
re-inventing session handling.

What are some better solutions?
Dan S. (Guest)
on 2006-01-09 06:23
(Received via mailing list)
You can set the expiration time of the cookie in the Rails code when
you create it. Just include the :expires option in the hash when you
define the cookie.


On Jan 8, 2006, at 3:35 PM, Henrik wrote:

> generate
> removed_email_address@domain.invalid
> http://lists.rubyonrails.org/mailman/listinfo/rails



-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
Dan S.
Technology Visionary - Technology Assessment - Documentation
"Looking at technology from every angle"
http://www.eclecticity.com
Richard L. (Guest)
on 2006-01-09 06:35
(Received via mailing list)
On this note, how do people deal with persistent logins, such as
'remember me' functions when logging in?
Just store a unique ID in a cookie as mentioned below, or some other
method?

Thanks.

--
R.Livsey
http://livsey.org
Dan S. (Guest)
on 2006-01-09 10:15
(Received via mailing list)
Whether in Rails or other apps, I handle the "remember me" and auto-
login stuff pretty much the same. I use cookies rather than the
server database. If the user loses the cookie or tries to log in from
a different machine, s/he has to go through the login process again
but that's the only real downside.

I think of of the user as an object that should know how to log
itself in. MVC, ya know! :-)


On Jan 8, 2006, at 8:38 PM, Richard L. wrote:

>
>>> It seems Rails sessions by default only last, well, a browsing
>>> a unique id and then store that in a "normal cookie" as well as
> Rails mailing list
> removed_email_address@domain.invalid
> http://lists.rubyonrails.org/mailman/listinfo/rails



-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
Dan S.
Technology Visionary - Technology Assessment - Documentation
"Looking at technology from every angle"
http://www.eclecticity.com
Henrik (Guest)
on 2006-01-09 10:45
Dan S. wrote:
> You can set the expiration time of the cookie in the Rails code when
> you create it. Just include the :expires option in the hash when you
> define the cookie.

Thank you. Could you please expound on this? I know that you can set the
expire time on cookies, but this concerns sessions, where you never set
cookies yourself. E.g.

session['foo'] = 'bar'

Is there a way to inject e.g. :expires into the session cookie?

--
Henrik
Henrik (Guest)
on 2006-01-09 10:50
Dan S. wrote:
> Whether in Rails or other apps, I handle the "remember me" and auto-
> login stuff pretty much the same. I use cookies rather than the
> server database. If the user loses the cookie or tries to log in from
> a different machine, s/he has to go through the login process again
> but that's the only real downside.
>
> I think of of the user as an object that should know how to log
> itself in. MVC, ya know! :-)

Well, the downside with cookies is that you can't very well set e.g.
  cookie['logged-in-user'] = 'foo'
since anyone could spoof it. I suppose you could do
  cookie['logged-in-user'] = 'foo'
  cookie['logged-in-pw-hash'] = 'b4r010101010'
which might perhaps not be much less safe than the session id hash.
However, it is certainly possible to make session cookies persistent.
Rails is just so high-level that I don't know how to go about it.

--
Henrik
Dan S. (Guest)
on 2006-01-09 19:50
(Received via mailing list)
Sorry, but I can't expound further on session cookies. I'm too new to
Ruby and I'd probably get it wrong. Hopefully someone else will jump
in here with more wisdom than I.


On Jan 9, 2006, at 12:45 AM, Henrik wrote:

>
> Rails mailing list
> removed_email_address@domain.invalid
> http://lists.rubyonrails.org/mailman/listinfo/rails



-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
Dan S.
Technology Visionary - Technology Assessment - Documentation
"Looking at technology from every angle"
http://www.eclecticity.com
This topic is locked and can not be replied to.