Session ID too long

cesardiaz · May 5, 2009, 1:55pm

Hi,

I have a problem with the Session ID in my Rails application. I need to
store some data of anonymous users and then, when the session expires,
delete that information from de database.

I have a filter in some point of my application when I try to create an
anonymous user which I want to identify by its session_id. I read that
this session_id must be a 32 char length value, but, when I run the
application my session_id value is:

BAh7CToMY3NyZl9pZCIlYmE1ZWYxNzY3MzUwMjI2MzU0NWFhMWUxODZkZDY4M2U6EXNlYXJjaFN0cmluZyIJbmFkYToPdXBkYXRlZF9hdEl1OglUaW1lDatQG4BQk5jZBjofQG1hcnNoYWxfd2l0aF91dGNfY29lcmNpb25GIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–206695460a9e840bd0393690e0d8813ee46ce434

The code is:

def save_anonymus_user
self.current_user = User.new(:login => “guest” +
session.session_id,
:password => “guest”, :confirm_password => “guest”, :session_id
=> session.session_id)
end

And when the session expires, I am using the session_lifetime plugin to
make some stuff like deleting the user from the database.

expires_session :time => 5.minutes, :redirect_to => ‘/’, :on_expiry =>
lambda {
user = User.find_by_session_id(session.session_id)
User.delete(user.id) unless user.nil?
}

At this point, the session_id is a 32 char length value, as expected.

What is wrong with the session at the first point? I am lost.

Thanks!

cesardiaz · May 5, 2009, 2:29pm

Yeah I got that problem too and I just alter the column to be varchar
(500)

On May 5, 9:55 pm, César Díaz [email protected]

cesardiaz · May 5, 2009, 2:30pm

Why aren’t you guys using the cookie session store?

Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/
(en)

cesardiaz · May 5, 2009, 2:32pm

hey, unless yr storing the session in the db for some business
requirement
you might want to try out using the cookie session store that rails uses
by
default. it’s a definite improvement over maintaining it yourself and
having
to sweep out behind old expired sessions.

RSL

cesardiaz · May 5, 2009, 6:36pm

Ok, I think that you are not understanding me or I am not understanding
you. My problem is not that I want to store the session in the database
or that the field for session id is too short.

I need the session_id because I want to have anonymous users in my
application. These anonymous users will have data in the database if
they do some operations through the front-end of the application, but
when these users had gone and their session expire, I want to delete the
data that I have stored from them. So, in the moment of the session
expiration, I think that I only can to access to the session_id, and
that is because I decide to identify the users with the session_id that
they are relationed to.

That is my intention, but I don’t know if it is possible.

Any ideas?