i was wondering how a blog db has grown by about 15 mb in a week or two.
it turns out its the sessions table…
so ive tried this:
class ApplicationController…
session :off
end
class AccountController
session :only, :login
end
and now, its impossible to login, and nothing ever appears in the
session table. is this the right approach? i dont want to weed out the
sessions with cron, i just want them to never be created unless its
necessary… preferably without needing to go around and add a :only or
:except for every action that might want to access session data…
On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias S. wrote:
Couldn’t you just run a job every X time to remove old sessions (sessions
that have not been accesed for an Y amount of time) ??
yes, i could, and probably will weed them out once a month or something.
the point being, id like the session to be accessible if it exists,
anywhere it normally is. but only ever create sessions if the
Account#Login method or something it triggers successfully completes, so
the DB doesnt bloat in the first place…nip the problem at the bud
i dont really see doing a source code audit, then manually adding
session :off, :exec => [] and continually pruning it as realistic in a
huge app…
On Sat Jun 24, 2006 at 01:32:03AM +0200, Matias S. wrote:
Couldn’t you just run a job every X time to remove old sessions (sessions
that have not been accesed for an Y amount of time) ??
yes, i could, and probably will weed them out once a month or something. the point being, id like the session to be accessible if it exists, anywhere it normally is. but only ever create sessions if the Account#Login method or something it triggers successfully completes, so the DB doesnt bloat in the first place…nip the problem at the bud
i dont really see doing a source code audit, then manually adding session :off, :exec => [] and continually pruning it as realistic in a huge app…
Disabling sessions could cause all sorts of strange things to happen
in a rails app. It’s really really not worth the effort. Setup a
cron job to expire the sessions and move on.
in a rails app. It’s really really not worth the effort. Setup a
I wouldn’t say it’s not worth it - at least on a high traffic site.
otherwise you are right
You should not only enable sessions for the login page but also for all
pages that access the session.
I have seen you only enabled it for the login action. you also need it
for all actions that rely on / check for
a logged in user.
peter
snacktime schrieb:
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
