Modify Session Data using session_id


#1

Hi, first post here. I’m enjoying getting to know rails. I have been
scratching my head trying to find a way to modify data in a session by
directly accessing CGI::Session.

I should note, using the following code, I can successfully create a new
key / value pair from the console, but not within my app. I have tried
both methods below:

def add_session_data(other_sess_id, new_data)
a =
CGI::Session::ActiveRecordStore::Session.find_by_session_id(other_sess_id)
a.data[:test] = new_data
a.save
end

def add_session_data(other_sess_id, new_data)
cgi = CGI.new(“html4”)
a = CGI::Session.new(cgi, ‘database_manager’ =>
CGI::Session::ActiveRecordStore, ‘session_id’ => other_sess_id)
a[:test] = new_data
a.close
end


#2

Hi,
Rather than accessing a base methods directly, you can access some
class methods like ‘process_cgi’ to solve you pbm better I think. Try
http://api.rubyonrails.org/classes/ActionController/Base.html#M000523
this one and post here whether it helps you or not. I am also
interested in knowing this.

Thanks,
Sadeesh

On Dec 15, 4:41 pm, Jeff V. removed_email_address@domain.invalid


#3

Sadeesh Viswanthan wrote:

Hi,
Rather than accessing a base methods directly, you can access some
class methods like ‘process_cgi’ to solve you pbm better I think. Try
http://api.rubyonrails.org/classes/ActionController/Base.html#M000523
this one and post here whether it helps you or not. I am also
interested in knowing this.

Thanks,
Sadeesh

On Dec 15, 4:41�pm, Jeff V. removed_email_address@domain.invalid

Thanks for the reply.

I played around with process_cgi and determined it wouldn’t work for
this application. Further, I went into the code for action_controller
to see how session data is saved. I went as far as writing my own
method that repeats the exact way session data is saved in Action
Controller, but no dice.

What I think is happening, is when a request is made by the client, it
grabs the current session data for a given session_id, THEN executes
application code (including updating in memory any changes to the
session data, THEN updates the database.

When we force changes to the session (by selecting sessions.data by
session_id, modifying, and saving) INSIDE of a request routine, the data
changes just fine, but is overwritten at the end of the request.

I think.

If anybody has an idea to access whatever is the temporary store for the
session when it gets changed during a request, I’d love to figure this
out.


#4

I just realized that since the objective is to modify another user’s
session data (as opposed to my own), the code I am using will work.
There’s one caveat, however, and someone correct me if I’m wrong: If
the user who’s session data we are changing makes a request at the exact
same time as our user who is modifying data, there’s a chance that he
will overwrite our changes, and there is no easy way to detect this. Or
is this not true in a single-threaded environment?

That being said, I’m also slightly embarrassed to post the following
code, I have a feeling there’s a much better way to do this. But here
goes:

@@connection ||= ActiveRecord::Base.connection
record = @@connection.select_one(“SELECT * FROM sessions WHERE
session_id = ‘#{other_sess_id}’”)
a = record[‘data’]
b = Marshal.load(ActiveSupport::Base64.decode64(a)) #demarshal and load
session into b
b[:testdata] = ‘data here’
c = ActiveSupport::Base64.encode64(Marshal.dump(b)) #marshal
@@connection.update(“UPDATE sessions SET data = ‘#{c}’ WHERE session_id
= ‘#{other_sess_id}’”) #save to db