Turning off sessions


#1

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard


#2

On 11/15/05, Chris H. removed_email_address@domain.invalid wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.

Chris,

Take a look at the Disabling Sessions section on
http://wiki.rubyonrails.com/rails/pages/HowtoChangeSessionOptions


Dennis S.
removed_email_address@domain.invalid


#3

Dennis,

I’ve already looked at that…and it clearly states that it only works
with WEBrick, and I need a solution that works properly with Apache2.

On 11/15/05, Dennis S. removed_email_address@domain.invalid wrote:

http://wiki.rubyonrails.com/rails/pages/HowtoChangeSessionOptions


Dennis S.
removed_email_address@domain.invalid


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard


#4

Hrm…okay, I’m using dispatch.fcgi and there isn’t any such reference
in that file. That appears to apply to using the dispatch.fb
dispatcher.

On 11/15/05, Dennis S. removed_email_address@domain.invalid wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.

Chris H.


Dennis S.
removed_email_address@domain.invalid


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard


#5

On 11/15/05, Chris H. removed_email_address@domain.invalid wrote:

I’ve already looked at that…and it clearly states that it only works
with WEBrick, and I need a solution that works properly with Apache2.

Have you seen
http://wrath.rubyonrails.org/pipermail/rails/2004-December/001173.html
? I haven’t tried it, but given the source, it seems like it should
work.

Take a look at the Disabling Sessions section on


Dennis S.
removed_email_address@domain.invalid


#6

On 11/15/05, Chris H. removed_email_address@domain.invalid wrote:

Hrm…okay, I’m using dispatch.fcgi and there isn’t any such reference
in that file. That appears to apply to using the dispatch.fb
dispatcher.

It seems as thought RailsFCGIHandler does not provide a method for
turning off sessions.

Looking at
http://dev.rubyonrails.org/browser/trunk/railties/lib/fcgi_handler.rb,
I see that process_request calls Dispatcher.dispatch with only one
parameter: cgi. If this is real important, maybe you want to redefine
process_request to pass false as the second parameter. Or better yet,
modify RailsFCGIHandler to accept a parameter and submit a patch.

On 11/15/05, Chris H. removed_email_address@domain.invalid wrote:


Dennis S.
removed_email_address@domain.invalid


#7

Chris H. wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.

According to the release notes for the Release Candidate (RC2)

 <http://documentation.rubyonrails.com/release_notes/rc2.html>

What you do is…


Easier session management

With the new config/environment.rb, there’s now a much easier way to
switch
session stores. The most common store that people use instead of files
is the
ActiveRecordStore. This store can be enabled simply by uncommenting its
definition and you can create the matching database table with rake
create_session_table.

We’ve also made it easier to control when the application should track
and use
sessions at all. To totally turn off the sessions for the entire
application,
you can now do:

class ApplicationController < ActionController::Base
session :off
end


I’m not sure what to say if this method isn’t working for you.
Unfortunately, I
haven’t tried this, so I can’t offer much more than this web page
pointer.

-Brian


#8

Another solution would be to use database sessions. I have this this
will
even improve the speed of your application.

Warmest regards,
Nathan.


Nathaniel S. H. Brown Toll Free 1.877.4.INIMIT
Inimit Innovations Phone 604.724.6624
www.inimit.com Fax 604.444.9942


#9

On Nov 15, 2005, at 9:02 AM, Chris H. wrote:

Okay, I can’t find any examples on how to PROPERLY turn off sessions.
I’m using Rails 0.14.3 with Apache. I’ve put ‘session :off’ into all
my controllers. Are there any other places I need to put it, because
I still see ruby_sess* files showing up in the /tmp directory on the
server and the sysadmin is giving me a lot of grief over it.

Chris H.

Chris-

I use this line in my environment.rb file to turn off sessions and

it definitely works:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS=false

HTH-
-Ezra Z.
Yakima Herald-Republic
WebMaster
http://yakimaherald.com
509-577-7732
removed_email_address@domain.invalid


#10

On Nov 15, 2005, at 1:28 PM, Ezra Z. wrote:

Chris H.

Chris-

I use this line in my environment.rb file to turn off sessions and
it definitely works:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS=false

Another option you can throw in environment.rb:

ActionController::Base.session :off

This is (more or less) the same as doing

class ApplicationController < ActionController::Base
session :off
end

And both approaches work–I’m using them right now in a few different
apps. If you are finding that session(:off) is not preventing
sessions from being created, then you’ve probably found a bug.

  • Jamis

#11

Brian,

Thanks for the great info there! I will put that in, cross my
fingers, and see how that works.

On 11/15/05, Brian V. Hughes removed_email_address@domain.invalid wrote:

session stores. The most common store that people use instead of files is the
end



Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard


#12

Jamis (and everyone else),

Thanks for the help. I’ve added the session :off option to
application.rb in /controller. I’ll keep you guys posted whether it
works or not.

On 11/15/05, Jamis B. removed_email_address@domain.invalid wrote:

And both approaches work–I’m using them right now in a few different
apps. If you are finding that session(:off) is not preventing
sessions from being created, then you’ve probably found a bug.

  • Jamis

Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


Chris H.

@TheBallpark - http://www.littlehart.net/attheballpark
@TheKeyboard - http://www.littlehart.net/atthekeyboard