:session_expires usage


#1

Hi everyone, I’m new to Rails and web development. I just bought up the
Agile book and I’ve got a question about the :session_expires option.
In the book, page 317, it says the :session_expires “option should
probably not be used.” Does anyone know why? The book doesn’t explain
or give any indication as to why.

In an application I’m working on I have a need to keep some information
for a very long time between browser sessions. Is it safe to do this
with the session object? Should I roll my own session like object using
the cookies object and use the session object only for things that need
to be remembered for a single browser session and not between browser
sessions?

Thanks.


#2

typically a cookie that has no ‘expires’ setting is cached in RAM
and is thus dropped as soon as the browser is shut down. However, the
cookie is stored on disk if an expiration date is specified. I haven’t
tested this behavior with Rails, but I suspect it holds.

i would just set a cookie expiration date if you want to remember
little things between sessions. Large items, sensitive items, or
important data should be stored in a database; storing a lot of
stuff in the session would make scaling more difficult.
i don’t see any real benefit from rolling your own session object
when there are three persistent storage options already available
to you: cookie, session, and activerecord.

ed wrote:

Hi everyone, I’m new to Rails and web development. I just bought up the
Agile book and I’ve got a question about the :session_expires option.
In the book, page 317, it says the :session_expires “option should
probably not be used.” Does anyone know why? The book doesn’t explain
or give any indication as to why.

In an application I’m working on I have a need to keep some information
for a very long time between browser sessions. Is it safe to do this
with the session object? Should I roll my own session like object using
the cookies object …

no, use cookies with an expiration date in the far future.

…and use the session object only for things that need
to be remembered for a single browser session and not between browser
sessions?

yes


#3

Lou V. wrote:

i don’t see any real benefit from rolling your own session object
when there are three persistent storage options already available
to you: cookie, session, and activerecord.

I didn’t mean making a new type of persistent storage. I only meant
using a cookie to store a hash id on the users computer and then using
the hash id to look up values in the database which would, of course, be
accessed using ActiveRecord. I would just like to wrap this
functionality in an object with a easy interface like the session
object. My first thought was to use the session object because it
already has all the functionality built in, including the ability to set
an expiration date in the far future, but it seems that the session
expiration should be left alone.

I think this would be a common problem. Has anyone already created a
similar object?