Cgi::session

tma · July 29, 2006, 5:32pm

how are you supposed to delete the session data from the server?
I made the assumption that session.delete would do this, but it’s not
removing the files.

Any practices out there anyone care to share?

tma · February 18, 2007, 9:52pm

Tom A. wrote:

how are you supposed to delete the session data from the server?
I made the assumption that session.delete would do this, but it’s not
removing the files.

Any practices out there anyone care to share?

I had exactly the same problem. All the docs show clearing individual
items from the session, but I have not seen a single example of using
session.delete. I have proof it is does not work. I wouldn’t have been
debugging if it did :-), but here’s the proof. I stopped right after
the ‘session.delete’ and one of my keys was still there.

[40, 49] in ./script/…/config/…/app/controllers/login_controller.rb
40 session[:shortname] = nil
41 session[:auth_lvl] = nil
42 session[:auth_desc] = nil
43 session.delete
44 debugger
=> 45 redirect_to(:action => “login”)
46 end
47 end
(rdb:119) p session[:san_names]
[“IBM_2109_F32_2”]

Well, I continued to hack and found the solution. Two of them, really.

When I looked at the source code to CGI#Session#delete(), I saw that it
did not actually remove the hash keys from the current object. I added
the following code to my login_controller.rb to open up the CGI::Session
class to add the clear() method.

class CGI::Session
def clear
@data.clear
@dbman.delete
@dbprot.clear
end
end

I found that I could issue the statement ‘session.clear’ during logout,
and the session variable was completely clean. However, in a Rails
environment this is a little too drastic. Rails uses the ‘flash’ key to
save a hash which contains error message notifications. The ‘clear’
method wipes that out too. So I added an ‘each’ method to CGI::Session
so that I could iterate over the keys and nil out them out selectively.
The following code accomplishes the task.

class CGI::Session
def each
@data ||= @dbman.restore
if block_given?
@data.keys.each do |key|
yield key
end
else
@data.keys
end
end
end

In my login_controller.rb the logout method now does the following,
which is a complete solution to my problem:

session.each do |key|
session[key] = nil unless key == ‘flash’
end

All the keys are set to nil rather than actually removed, but they are
effectively gone. The session file shows a drastic reduction in size,
and the next time I log in, all remnants of the previous session are
gone.

Me gusta Ruby!