Create session only for logged-in

i was wondering how a blog db has grown by about 15 mb in a week or two.
it turns out its the sessions table…

so ive tried this:

class ApplicationController…
session :off
end

class AccountController
session :only, :login
end

and now, its impossible to login, and nothing ever appears in the
session table. is this the right approach? i dont want to weed out the
sessions with cron, i just want them to never be created unless its
necessary… preferably without needing to go around and add a :only or
:except for every action that might want to access session data…

carmen

Couldn’t you just run a job every X time to remove old sessions
(sessions
that have not been accesed for an Y amount of time) ??

On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias S. wrote:

Couldn’t you just run a job every X time to remove old sessions (sessions
that have not been accesed for an Y amount of time) ??

yes, i could, and probably will weed them out once a month or something.
the point being, id like the session to be accessible if it exists,
anywhere it normally is. but only ever create sessions if the
Account#Login method or something it triggers successfully completes, so
the DB doesnt bloat in the first place…nip the problem at the bud :slight_smile:

i dont really see doing a source code audit, then manually adding
session :off, :exec => [] and continually pruning it as realistic in a
huge app…

On 6/23/06, carmen [email protected] wrote:

On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias S. wrote:

Couldn’t you just run a job every X time to remove old sessions (sessions
that have not been accesed for an Y amount of time) ??

yes, i could, and probably will weed them out once a month or something. the point being, id like the session to be accessible if it exists, anywhere it normally is. but only ever create sessions if the Account#Login method or something it triggers successfully completes, so the DB doesnt bloat in the first place…nip the problem at the bud :slight_smile:

i dont really see doing a source code audit, then manually adding session :off, :exec => [] and continually pruning it as realistic in a huge app…

Disabling sessions could cause all sorts of strange things to happen
in a rails app. It’s really really not worth the effort. Setup a
cron job to expire the sessions and move on.

Be aware also, that some things like “flash” and many other things in
rails
are dependent on sessions, even for the “anonymous” users…

in a rails app. It’s really really not worth the effort. Setup a

I wouldn’t say it’s not worth it - at least on a high traffic site.
otherwise you are right

You should not only enable sessions for the login page but also for all
pages that access the session.
I have seen you only enabled it for the login action. you also need it
for all actions that rely on / check for
a logged in user.

  • peter

snacktime schrieb:

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs