Session ID too long


#1

Hi,

I have a problem with the Session ID in my Rails application. I need to
store some data of anonymous users and then, when the session expires,
delete that information from de database.

I have a filter in some point of my application when I try to create an
anonymous user which I want to identify by its session_id. I read that
this session_id must be a 32 char length value, but, when I run the
application my session_id value is:

BAh7CToMY3NyZl9pZCIlYmE1ZWYxNzY3MzUwMjI2MzU0NWFhMWUxODZkZDY4M2U6EXNlYXJjaFN0cmluZyIJbmFkYToPdXBkYXRlZF9hdEl1OglUaW1lDatQG4BQk5jZBjofQG1hcnNoYWxfd2l0aF91dGNfY29lcmNpb25GIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–206695460a9e840bd0393690e0d8813ee46ce434

The code is:

def save_anonymus_user
self.current_user = User.new(:login => “guest” +
session.session_id,
:password => “guest”, :confirm_password => “guest”, :session_id
=> session.session_id)
end

And when the session expires, I am using the session_lifetime plugin to
make some stuff like deleting the user from the database.

expires_session :time => 5.minutes, :redirect_to => ‘/’, :on_expiry =>
lambda {
user = User.find_by_session_id(session.session_id)
User.delete(user.id) unless user.nil?
}

At this point, the session_id is a 32 char length value, as expected.

What is wrong with the session at the first point? I am lost.

Thanks!


#2

Yeah I got that problem too and I just alter the column to be varchar
(500) :frowning:

On May 5, 9:55 pm, César Díaz removed_email_address@domain.invalid


#3

Why aren’t you guys using the cookie session store?

Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/
(en)


#4

hey, unless yr storing the session in the db for some business
requirement
you might want to try out using the cookie session store that rails uses
by
default. it’s a definite improvement over maintaining it yourself and
having
to sweep out behind old expired sessions.

RSL


#5

Ok, I think that you are not understanding me or I am not understanding
you. My problem is not that I want to store the session in the database
or that the field for session id is too short.

I need the session_id because I want to have anonymous users in my
application. These anonymous users will have data in the database if
they do some operations through the front-end of the application, but
when these users had gone and their session expire, I want to delete the
data that I have stored from them. So, in the moment of the session
expiration, I think that I only can to access to the session_id, and
that is because I decide to identify the users with the session_id that
they are relationed to.

That is my intention, but I don’t know if it is possible.

Any ideas?