Turning off sessions

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard

On 11/15/05, Chris H. [email protected] wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.

Chris,

Take a look at the Disabling Sessions section on
http://wiki.rubyonrails.com/rails/pages/HowtoChangeSessionOptions


Dennis S.
[email protected]

Dennis,

I’ve already looked at that…and it clearly states that it only works
with WEBrick, and I need a solution that works properly with Apache2.

On 11/15/05, Dennis S. [email protected] wrote:

Peak Obsession


Dennis S.
[email protected]


Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard

Hrm…okay, I’m using dispatch.fcgi and there isn’t any such reference
in that file. That appears to apply to using the dispatch.fb
dispatcher.

On 11/15/05, Dennis S. [email protected] wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.

Chris H.


Dennis S.
[email protected]


Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard

On 11/15/05, Chris H. [email protected] wrote:

I’ve already looked at that…and it clearly states that it only works
with WEBrick, and I need a solution that works properly with Apache2.

Have you seen
http://wrath.rubyonrails.org/pipermail/rails/2004-December/001173.html
? I haven’t tried it, but given the source, it seems like it should
work.

Take a look at the Disabling Sessions section on


Dennis S.
[email protected]

On 11/15/05, Chris H. [email protected] wrote:

Hrm…okay, I’m using dispatch.fcgi and there isn’t any such reference
in that file. That appears to apply to using the dispatch.fb
dispatcher.

It seems as thought RailsFCGIHandler does not provide a method for
turning off sessions.

Looking at
http://dev.rubyonrails.org/browser/trunk/railties/lib/fcgi_handler.rb,
I see that process_request calls Dispatcher.dispatch with only one
parameter: cgi. If this is real important, maybe you want to redefine
process_request to pass false as the second parameter. Or better yet,
modify RailsFCGIHandler to accept a parameter and submit a patch.

On 11/15/05, Chris H. [email protected] wrote:


Dennis S.
[email protected]

Chris H. wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.

According to the release notes for the Release Candidate (RC2)

 <http://documentation.rubyonrails.com/release_notes/rc2.html>

What you do is…


Easier session management

With the new config/environment.rb, there’s now a much easier way to
switch
session stores. The most common store that people use instead of files
is the
ActiveRecordStore. This store can be enabled simply by uncommenting its
definition and you can create the matching database table with rake
create_session_table.

We’ve also made it easier to control when the application should track
and use
sessions at all. To totally turn off the sessions for the entire
application,
you can now do:

class ApplicationController < ActionController::Base
session :off
end


I’m not sure what to say if this method isn’t working for you.
Unfortunately, I
haven’t tried this, so I can’t offer much more than this web page
pointer.

-Brian

Another solution would be to use database sessions. I have this this
will
even improve the speed of your application.

Warmest regards,
Nathan.


Nathaniel S. H. Brown Toll Free 1.877.4.INIMIT
Inimit Innovations Phone 604.724.6624
www.inimit.com Fax 604.444.9942

On Nov 15, 2005, at 9:02 AM, Chris H. wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.

Chris H.

Chris-

I use this line in my environment.rb file to turn off sessions and

it definitely works:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS=false

HTH-
-Ezra Z.
Yakima Herald-Republic
WebMaster

509-577-7732
[email protected]

On Nov 15, 2005, at 1:28 PM, Ezra Z. wrote:

Chris H.

Chris-

I use this line in my environment.rb file to turn off sessions and
it definitely works:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS=false

Another option you can throw in environment.rb:

ActionController::Base.session :off

This is (more or less) the same as doing

class ApplicationController < ActionController::Base
session :off
end

And both approaches work–I’m using them right now in a few different
apps. If you are finding that session(:off) is not preventing
sessions from being created, then you’ve probably found a bug.

  • Jamis

Brian,

Thanks for the great info there! I will put that in, cross my
fingers, and see how that works.

On 11/15/05, Brian V. Hughes [email protected] wrote:

session stores. The most common store that people use instead of files is the
end



Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard

Jamis (and everyone else),

Thanks for the help. I’ve added the session :off option to
application.rb in /controller. I’ll keep you guys posted whether it
works or not.

On 11/15/05, Jamis B. [email protected] wrote:

And both approaches work–I’m using them right now in a few different
apps. If you are finding that session(:off) is not preventing
sessions from being created, then you’ve probably found a bug.

  • Jamis

Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard