How to enforce ActiveRecord session store with Rails 2.0.2?

All,

Rails 2.0.2
SQL Server 2000 database
SQL Server AR adapter 1.0 using ODBC

Apparently the new default session store is cookie based. I was using
the ActiveRecord based session store and would like to continue to do
so.

It appears that session data is not being written to my sessions table
as used to be the case under 1.2.6.

My environment.rb file has the following:

Rails::Initializer.run do |config|

config.action_controller.session_store = :active_record_store

end

Is this directive no longer sufficient for forcing the session store to
be a DB table named “sessions”? If that is the case, what is the
correct way to specify the AR session store?

Thanks,
Wes

# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with 'rake db:sessions:create')
config.action_controller.session_store = :active_record_store

Have you uncommented this line in your config/environment.rb file?

On Mar 14, 4:59 pm, Wes G.

I just created a simple test application and set it up to use the
database for session storage.

Step 1: config/environment.rb

# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with 'rake db:sessions:create')
config.action_controller.session_store = :active_record_store

Step 2: controllers/application.rb

# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery :secret => '5c0cf093b4866f589b91a08c048f7bfa'

This worked just fine in my test app.

On Mar 14, 4:59 pm, Wes G.

Yes.

On Mar 15, 2:51 am, Wes G.

Step 2: controllers/application.rb

# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery :secret => '5c0cf093b4866f589b91a08c048f7bfa'

This worked just fine in my test app.

Is the protect_from_forgery setting necessary?

Wes

Robert W. wrote:

I just created a simple test application and set it up to use the
database for session storage.

Step 1: config/environment.rb

# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with 'rake db:sessions:create')
config.action_controller.session_store = :active_record_store

Step 2: controllers/application.rb

# See ActionController::RequestForgeryProtection for details
# Uncomment the :secret if you're not using the cookie session store
protect_from_forgery :secret => '5c0cf093b4866f589b91a08c048f7bfa'

This worked just fine in my test app.

Which database server are you on?

Thanks,
Wes

Wes G. wrote:

OK, so if I just copy and paste that line into my application.rb, I get
the exception:

ActionController::InvalidAuthenticityToken

Obviously, this token needs to be generated somehow locally by me - can
you point me at any documentation that explains how to do that?

Thanks,
Wes

Even though this is kinda old, I'd like to point out that maybe you should
clear your cookie, reload the page and try again. I think it should
create a new cookie with a correct token to associate with the session
on the database.

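
Added example, not part of the thread and not Rails' own code: a sketch of how a :secret passed to protect_from_forgery relates to the form token when sessions live in the database. It assumes the token is an HMAC-SHA1 of the session id keyed with the secret; the helper names and session ids are constructed for illustration. It shows generating a site-specific secret locally instead of reusing a published one, and why a form token stops verifying when the session id or the secret changes.

```ruby
require 'openssl'
require 'securerandom'

# Generate a site-specific secret locally; a value copied from a public
# post is known to everyone. 16 random bytes -> 32 hex characters.
def generate_secret
  SecureRandom.hex(16)
end

# Assumed derivation: HMAC-SHA1 over the session id, keyed with :secret.
def authenticity_token(secret, session_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret.to_s, session_id.to_s)
end

# Constant-time comparison so the check does not leak how many
# leading characters of the token matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# A request is accepted only if the submitted token matches the one
# derived from the current session id and the configured secret.
def verified_request?(secret, session_id, submitted_token)
  secure_compare(authenticity_token(secret, session_id), submitted_token.to_s)
end

# Constructed sample values (not from a real application).
SECRET         = generate_secret
SESSION_AT_GET = 'a3f1c2d4e5b60718293a4b5c6d7e8f90' # id when the form was rendered
SESSION_NEW    = '0f9e8d7c6b5a49382716e5d4c3b2a1f0' # id after the cookie was cleared or the session was not saved
FORM_TOKEN     = authenticity_token(SECRET, SESSION_AT_GET)

def demo
  {
    same_session:   verified_request?(SECRET, SESSION_AT_GET, FORM_TOKEN),
    new_session:    verified_request?(SECRET, SESSION_NEW, FORM_TOKEN),
    changed_secret: verified_request?(generate_secret, SESSION_AT_GET, FORM_TOKEN)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Only the first case verifies. Under this assumption, a form rendered under one session id or secret fails with a token mismatch once either changes, so the sessions table must actually be persisting rows and the secret must stay stable across restarts.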