Session ID too long



I have a problem with the Session ID in my Rails application. I need to
store some data of anonymous users and then, when the session expires,
delete that information from de database.

I have a filter in some point of my application when I try to create an
anonymous user which I want to identify by its session_id. I read that
this session_id must be a 32 char length value, but, when I run the
application my session_id value is:


The code is:

def save_anonymus_user
self.current_user = => “guest” +
:password => “guest”, :confirm_password => “guest”, :session_id
=> session.session_id)

And when the session expires, I am using the session_lifetime plugin to
make some stuff like deleting the user from the database.

expires_session :time => 5.minutes, :redirect_to => ‘/’, :on_expiry =>
lambda {
user = User.find_by_session_id(session.session_id)
User.delete( unless user.nil?

At this point, the session_id is a 32 char length value, as expected.

What is wrong with the session at the first point? I am lost.



Yeah I got that problem too and I just alter the column to be varchar
(500) :frowning:

On May 5, 9:55 pm, César Díaz removed_email_address@domain.invalid


Why aren’t you guys using the cookie session store?

Maurício Linhares (pt-br) |


hey, unless yr storing the session in the db for some business
you might want to try out using the cookie session store that rails uses
default. it’s a definite improvement over maintaining it yourself and
to sweep out behind old expired sessions.



Ok, I think that you are not understanding me or I am not understanding
you. My problem is not that I want to store the session in the database
or that the field for session id is too short.

I need the session_id because I want to have anonymous users in my
application. These anonymous users will have data in the database if
they do some operations through the front-end of the application, but
when these users had gone and their session expire, I want to delete the
data that I have stored from them. So, in the moment of the session
expiration, I think that I only can to access to the session_id, and
that is because I decide to identify the users with the session_id that
they are relationed to.

That is my intention, but I don’t know if it is possible.

Any ideas?