ActiveRecord Session Store problem with AuthLogic

I have asked about this problem elsewhere and have as yet not had any
answer.

I cannot determine what is wrong with our Session store
configuration. In Rails2 we used AR store with AuthLogic without
problem. When we switched to Rails3 we ended up using cookie store
because we could not get AR store to work. Now I would like to
discover why we are having this problem and fix it.

What is NOT happening is that the session_id in the sessions model
is not being initialized. Therefore we see this DBMS error:

  PGError: ERROR:  null value in column "session_id" violates

not-null constraint
: INSERT INTO “sessions” (“session_id”, “updated_at”,
“created_at”, “lock_version”, “data”) VALUES (NULL, . . .

We never explicitly set session_id in Rails2 and I cannot figure out
how to do so so now. Does anyone know hat one must do to initialize
session_id from inside AuthLogic?

James B. wrote in post #975693:

I have asked about this problem elsewhere and have as yet not had any
answer.

I cannot determine what is wrong with our Session store
configuration. In Rails2 we used AR store with AuthLogic without
problem. When we switched to Rails3 we ended up using cookie store
because we could not get AR store to work. Now I would like to
discover why we are having this problem and fix it.

What is NOT happening is that the session_id in the sessions model
is not being initialized. Therefore we see this DBMS error:

  PGError: ERROR:  null value in column "session_id" violates

not-null constraint
: INSERT INTO “sessions” (“session_id”, “updated_at”,
“created_at”, “lock_version”, “data”) VALUES (NULL, . . .

We never explicitly set session_id in Rails2 and I cannot figure out
how to do so so now. Does anyone know hat one must do to initialize
session_id from inside AuthLogic?

AFAIK the choice of session store should be independent of any
authentication framework. Have you tried creating new blank Rails 3.0
application and checking the session store configuration?

Here is what I see from doing so:

./initializers/session_store.rb

Be sure to restart your server when you modify this file.

Demo::Application.config.session_store :cookie_store, :key =>

‘_demo_session’

Use the database for sessions instead of the cookie-based default,

which shouldn’t be used to store highly confidential information

(create the session table with “rails generate session_migration”)

Demo::Application.config.session_store :active_record_store

I simple commented out the cookie store config and replaced it with the
AR session store config. then ran the generator as shown above.

./db/schema.rb

create_table “sessions”, :force => true do |t|
t.string “session_id”, :null => false
t.text “data”
t.datetime “created_at”
t.datetime “updated_at”
end

add_index “sessions”, [“session_id”], :name =>
“index_sessions_on_session_id”
add_index “sessions”, [“updated_at”], :name =>
“index_sessions_on_updated_at”

./app/controllers/welome_controller.rb

class ApplicationController < ActionController::Base
protect_from_forgery

before_filter :force_session_use

private
def force_session_use
session[:user_id] = 1
end
end

A little code to force a value into the session.

./app/views/welcome/index.html.erb

Welcome#index

Session contains user_id: <%= session[:user_id] %>

-----------------------------

Read the value back from the session.

sessions table in database

sqlite> select * from sessions;
id|session_id|data|created_at|updated_at
1|4e3b2648c9a9fb292fc45b756f7e8908|BAh7B0kiDHVzZXJfaWQGOgZFRmkGSSIQX2NzcmZfdG9rZW4GOwBGSSIxeTdI
VEdlRDJ1ZURQa0kwdEZOcjNaSi9wVE1NUVg5Y2ZyMDdQSTJXMWdWdz0GOwBG
|2011-01-18 20:07:12.597419|2011-01-18 20:07:12.597419

And finally we get the session data stored in the database.

No AuthLogic or anything else involved. I’d check your session store
configuration against what I showed here. Good luck.

Robert W. wrote in post #975828:

No AuthLogic or anything else involved. I’d check your session store
configuration against what I showed here. Good luck.

I have checked both the session store and the session migration. I can
see no problems there. The way we migrated from 2.3 to 3.0 was to first
create a new Rails 3 application and then copy in the .git directory
from the original. We then reconciled all of the diffs. As far as I can
determine, all of the cruft was left behind.

I have no doubt that AR Session Store works in a new Rails 3 application
without AuthLogic. But that is irrelevant. The entire issue revolves
around getting AuthLogic to work with AR Session Store.

I simply cannot get AR Session Store to work with our AuthLogic setup. I
cannot discover why it works in Rails 2.3.8 and not in Rails 3.0.3.

Presumably, AuthLogic sets session.session_id to some value somewhere.
However, AL uses an attribute called session_id to keep track of
multiple concurrent sessions for the same user and I wonder if there is
some problem that practice introduced in Rails3.

I have asked about this on the AL list when it first cropped up and I
never received any reply. Does anyone here happen to use AL and AR SS
together on a Rails 3 project?

James B. wrote in post #975862:

How does AR Session Store handle the case where there is no session?

In other words, some of the web pages that are produced by our
application are meant to be publicly viewed without logging in. This
seems to be the problem. It on the welcome page that the show action is
causing the DBMS to throw a null entry error.

Sessions are independent of authentication. Authentication frameworks
obviously use the session to keep track of the currently authenticated
user, but that should be the extent of their interaction, AFAIK.
Sessions are created where there is user login or not. Calling
session[:some_key] will create a session if one does not already exist.

I don’t use AuthLogic myself, so if it is having issues with the session
store then I can’t really help you.

How does AR Session Store handle the case where there is no session?

In other words, some of the web pages that are produced by our
application are meant to be publicly viewed without logging in. This
seems to be the problem. It on the welcome page that the show action is
causing the DBMS to throw a null entry error.

Robert W. wrote in post #975877:

I don’t use AuthLogic myself,

I expect to be in the same situation shortly. I am now looking at
Devise.

On Jan 18, 10:31pm, Robert W. [email protected] wrote:

obviously use the session to keep track of the currently authenticated
user, but that should be the extent of their interaction, AFAIK.

even that doesn’t have to be true - I seem to recall that authlogic
sets it’s own cookie with the user credentials it needs

Fred