Forum: Ruby on Rails Modify Session Data using session_id

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
22ac1a9104ce722d1144d8f8cbc81e59?d=identicon&s=25 Jeff Vogt (jdvogt)
on 2008-12-15 12:41
Hi, first post here.  I'm enjoying getting to know rails.  I have been
scratching my head trying to find a way to modify data in a session by
directly accessing CGI::Session.

I should note, using the following code, I can successfully create a new
key / value pair from the console, but not within my app.  I have tried
both methods below:

def add_session_data(other_sess_id, new_data)
a =
CGI::Session::ActiveRecordStore::Session.find_by_session_id(other_sess_id)
a.data[:test] = new_data
a.save
end

def add_session_data(other_sess_id, new_data)
cgi = CGI.new("html4")
a = CGI::Session.new(cgi, 'database_manager' =>
CGI::Session::ActiveRecordStore, 'session_id' => other_sess_id)
a[:test] = new_data
a.close
end
Ffd203cd1b3456617242464325ffb932?d=identicon&s=25 Sadeesh Viswanthan (sadathiru)
on 2008-12-15 13:24
(Received via mailing list)
Hi,
    Rather than accessing a base methods directly, you can access some
class methods like 'process_cgi' to solve you pbm better I think. Try
http://api.rubyonrails.org/classes/ActionControlle...
this one and post here whether it helps you or not. I am also
interested in knowing this.

Thanks,
Sadeesh

On Dec 15, 4:41 pm, Jeff Vogt <rails-mailing-l...@andreas-s.net>
22ac1a9104ce722d1144d8f8cbc81e59?d=identicon&s=25 Jeff Vogt (jdvogt)
on 2008-12-16 01:15
Sadeesh Viswanthan wrote:
> Hi,
>     Rather than accessing a base methods directly, you can access some
> class methods like 'process_cgi' to solve you pbm better I think. Try
> http://api.rubyonrails.org/classes/ActionControlle...
> this one and post here whether it helps you or not. I am also
> interested in knowing this.
>
> Thanks,
> Sadeesh
>
> On Dec 15, 4:41�pm, Jeff Vogt <rails-mailing-l...@andreas-s.net>

Thanks for the reply.

I played around with process_cgi and determined it wouldn't work for
this application.  Further, I went into the code for action_controller
to see how session data is saved.  I went as far as writing my own
method that repeats the exact way session data is saved in Action
Controller, but no dice.

What I think is happening, is when a request is made by the client, it
grabs the current session data for a given session_id, THEN executes
application code (including updating in memory any changes to the
session data, THEN updates the database.

When we force changes to the session (by selecting sessions.data by
session_id, modifying, and saving) INSIDE of a request routine, the data
changes just fine, but is overwritten at the end of the request.

I think.

If anybody has an idea to access whatever is the temporary store for the
session when it gets changed during a request, I'd love to figure this
out.
22ac1a9104ce722d1144d8f8cbc81e59?d=identicon&s=25 Jeff Vogt (jdvogt)
on 2008-12-16 02:08
I just realized that since the objective is to modify another user's
session data (as opposed to my own), the code I am using will work.
There's one caveat, however, and someone correct me if I'm wrong:  If
the user who's session data we are changing makes a request at the exact
same time as our user who is modifying data, there's a chance that he
will overwrite our changes, and there is no easy way to detect this.  Or
is this not true in a single-threaded environment?

That being said, I'm also slightly embarrassed to post the following
code, I have a feeling there's a much better way to do this.  But here
goes:

@@connection ||= ActiveRecord::Base.connection
record = @@connection.select_one("SELECT * FROM sessions WHERE
session_id = '#{other_sess_id}'")
a = record['data']
b = Marshal.load(ActiveSupport::Base64.decode64(a)) #demarshal and load
session into b
b[:testdata] = 'data here'
c = ActiveSupport::Base64.encode64(Marshal.dump(b)) #marshal
@@connection.update("UPDATE sessions SET data = '#{c}' WHERE session_id
= '#{other_sess_id}'") #save to db
This topic is locked and can not be replied to.