Cgi::session

how are you supposed to delete the session data from the server?
I made the assumption that session.delete would do this, but it’s not
removing the files.

Any practices out there anyone care to share?

Tom A. wrote:

how are you supposed to delete the session data from the server?
I made the assumption that session.delete would do this, but it’s not
removing the files.

Any practices out there anyone care to share?

I had exactly the same problem. All the docs show clearing individual
items from the session, but I have not seen a single example of using
session.delete. I have proof it is does not work. I wouldn’t have been
debugging if it did :-), but here’s the proof. I stopped right after
the ‘session.delete’ and one of my keys was still there.

[40, 49] in ./script/…/config/…/app/controllers/login_controller.rb
40 session[:shortname] = nil
41 session[:auth_lvl] = nil
42 session[:auth_desc] = nil
43 session.delete
44 debugger
=> 45 redirect_to(:action => “login”)
46 end
47 end
(rdb:119) p session[:san_names]
[“IBM_2109_F32_2”]

Well, I continued to hack and found the solution. Two of them, really.

When I looked at the source code to CGI#Session#delete(), I saw that it
did not actually remove the hash keys from the current object. I added
the following code to my login_controller.rb to open up the CGI::Session
class to add the clear() method.

class CGI::Session
def clear
@data.clear
@dbman.delete
@dbprot.clear
end
end

I found that I could issue the statement ‘session.clear’ during logout,
and the session variable was completely clean. However, in a Rails
environment this is a little too drastic. Rails uses the ‘flash’ key to
save a hash which contains error message notifications. The ‘clear’
method wipes that out too. So I added an ‘each’ method to CGI::Session
so that I could iterate over the keys and nil out them out selectively.
The following code accomplishes the task.

class CGI::Session
def each
@data ||= @dbman.restore
if block_given?
@data.keys.each do |key|
yield key
end
else
@data.keys
end
end
end

In my login_controller.rb the logout method now does the following,
which is a complete solution to my problem:

session.each do |key|
session[key] = nil unless key == ‘flash’
end

All the keys are set to nil rather than actually removed, but they are
effectively gone. The session file shows a drastic reduction in size,
and the next time I log in, all remnants of the previous session are
gone.

Me gusta Ruby!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs