Removing session file from filesystem upon logout

All,

I want to invalidate my session completely when a person logs out of the
system. I am able to remove it from memory, but if I restart my server
after that, it still persists. I want to remove the session file stored
in /tmp.

What is the best way to handle this? Should I just figure out which
ruby_sess.* file it is and delete it myself? Or is there a better
practice?

Thanks,
Wes G.

Why not look into storing your sessions in the database?

http://wiki.rubyonrails.org/rails/pages/HowtoChangeSessionStore

Regards

Dave M.

I don’t want to store a session when a user explicitly abandons it by
logging out of the system.

When I log out of a Web application, I don’t expect to have a session
anymore.

I want to enforce that rule.

Wes

You can do that if you’ve got sessions stored in the database. When
the user logs out, simply delete the record corresponding to that
user’s session.

Failing that, you can build some sort of “reaper” method to walk
through the table periodically and remove any sessions that have
become older than some predefined limit (e.g. 2 hours). This would
work fine for sessions stored in the file system as well, but I think
it’s easier and safer to just delete the session record from the DB
when the user logs out.

Regards

Dave M.

Is storing the sessions in the DB faster than storing them in
filesystem?

I would think not, but thought I would ask.

WG

I’m sure I can figure out how to do this, so thanks.

I can probably get the session id and find the file to delete just as
easily.

But I have to wonder, why is it so hard to really get rid of a session when I know I want to?

I guess Rails is erring in favor of recovery from application crashes
(sessions will still be around if app. fails after a restart).

Wes

You can do that if you’ve got sessions stored in the database. When
the user logs out, simply delete the record corresponding to that
user’s session.

How could I do that? I store sessions in the database. When the user logs
out, I do

reset_session

but I’ve tried to delete the session by doing session.destroy, but it raises
an exception because CGI::Session doesn’t have that method. Do I need
to delete the session with an explicit SQL sentence?

OK, now that I look more closely, I see that reset_session actually
takes care of the persisted session in the PStore filesystem. It
deletes the old file and then a new one is created to handle the new
session that it creates.

Just in case anyone is interested though, this should be the filename
that a given PStore session is stored in:

"ruby_sess." + Digest::MD5.hexdigest(session.session_id)[0,16]

assuming a default prefix on the filename. I just looked in pstore.rb
under the CGI library.

Wes
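
Added example, not part of the original thread and not Rails or CGI library code: a Ruby sketch of the two clean-up approaches discussed above, removing one session's file by the filename rule Wes quotes and reaping files older than a limit as Dave suggests. The function names, the directory argument and the sample session ids are assumptions; the 2-hour limit is the thread's example figure.

```ruby
require 'digest/md5'
require 'tmpdir'

SESSION_PREFIX = 'ruby_sess.'  # default prefix named in the post (assumed unchanged)
MAX_AGE = 2 * 60 * 60          # the thread's example limit of 2 hours, in seconds

# Path of the PStore file for a session id, per the rule quoted above.
# The id is hashed, so a hostile id cannot smuggle "../" into the path.
def session_file_path(session_id, dir = Dir.tmpdir, prefix = SESSION_PREFIX)
  File.join(dir, prefix + Digest::MD5.hexdigest(session_id)[0, 16])
end

# Logout: remove the persisted file. Returns true only if a file was removed.
def destroy_session_file(session_id, dir = Dir.tmpdir)
  path = session_file_path(session_id, dir)
  # Refuse symlinks so a planted link in a shared /tmp is never followed.
  return false unless File.file?(path) && !File.symlink?(path)
  File.delete(path)
  true
rescue Errno::ENOENT
  false # another process removed it first
end

# Reaper: delete session files not modified within max_age seconds.
# Returns the paths that were removed.
def reap_stale_sessions(dir = Dir.tmpdir, max_age = MAX_AGE, now = Time.now)
  Dir.glob(File.join(dir, SESSION_PREFIX + '*')).select do |path|
    next false unless File.file?(path) && !File.symlink?(path)
    next false if now - File.mtime(path) <= max_age
    File.delete(path)
    true
  end
end

# Constructed demo in a scratch directory: one fresh and one 3-hour-old session.
def demo
  Dir.mktmpdir do |dir|
    fresh = session_file_path('constructed-id-fresh', dir)
    stale = session_file_path('constructed-id-stale', dir)
    [fresh, stale].each { |p| File.write(p, 'x') }
    old = Time.now - 3 * 60 * 60
    File.utime(old, old, stale)
    reaped = reap_stale_sessions(dir).map { |p| File.basename(p) }
    logged_out = destroy_session_file('constructed-id-fresh', dir)
    { reaped: reaped, logged_out: logged_out, left: Dir.children(dir) }
  end
end

p demo if __FILE__ == $0
```
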

Try “puts session.inspect”, it will show you all the fun attributes of
the session. Usually a good first step in answering any question is to
invoke the ‘inspect’ method on the object in question as it can tell you
a lot about what’s available to you

Yan

http://planyp.us

On Tue, 22 Aug 2006 11:34:06 -0500, Wes G. wrote:

Does anyone know how to get the PStore filename for a given session?

