ActiveRecord Session Store problem with AuthLogic

I have asked about this problem elsewhere and have as yet not had any
answer.

I cannot determine what is wrong with our Session store
configuration. In Rails2 we used AR store with AuthLogic without
problem. When we switched to Rails3 we ended up using cookie store
because we could not get AR store to work. Now I would like to
discover why we are having this problem and fix it.

What is NOT happening is that the session_id in the sessions model
is not being initialized. Therefore we see this DBMS error:

      PGError: ERROR: null value in column "session_id" violates
not-null constraint
      : INSERT INTO "sessions" ("session_id", "updated_at",
"created_at", "lock_version", "data") VALUES (NULL, . . .

We never explicitly set session_id in Rails2 and I cannot figure out
how to do so so now. Does anyone know hat one must do to initialize
session_id from inside AuthLogic?

James Byrne wrote in post #975693:

I have asked about this problem elsewhere and have as yet not had any
answer.

I cannot determine what is wrong with our Session store
configuration. In Rails2 we used AR store with AuthLogic without
problem. When we switched to Rails3 we ended up using cookie store
because we could not get AR store to work. Now I would like to
discover why we are having this problem and fix it.

What is NOT happening is that the session_id in the sessions model
is not being initialized. Therefore we see this DBMS error:

      PGError: ERROR: null value in column "session_id" violates
not-null constraint
      : INSERT INTO "sessions" ("session_id", "updated_at",
"created_at", "lock_version", "data") VALUES (NULL, . . .

We never explicitly set session_id in Rails2 and I cannot figure out
how to do so so now. Does anyone know hat one must do to initialize
session_id from inside AuthLogic?

AFAIK the choice of session store should be independent of any
authentication framework. Have you tried creating new blank Rails 3.0
application and checking the session store configuration?

Here is what I see from doing so:

./initializers/session_store.rb

Robert Walker wrote in post #975828:

No AuthLogic or anything else involved. I'd check your session store
configuration against what I showed here. Good luck.

I have checked both the session store and the session migration. I can
see no problems there. The way we migrated from 2.3 to 3.0 was to first
create a new Rails 3 application and then copy in the .git directory
from the original. We then reconciled all of the diffs. As far as I can
determine, all of the cruft was left behind.

I have no doubt that AR Session Store works in a new Rails 3 application
without AuthLogic. But that is irrelevant. The entire issue revolves
around getting AuthLogic to work with AR Session Store.

I simply cannot get AR Session Store to work with our AuthLogic setup. I
cannot discover why it works in Rails 2.3.8 and not in Rails 3.0.3.

Presumably, AuthLogic sets session.session_id to some value somewhere.
However, AL uses an attribute called session_id to keep track of
multiple concurrent sessions for the same user and I wonder if there is
some problem that practice introduced in Rails3.

I have asked about this on the AL list when it first cropped up and I
never received any reply. Does anyone here happen to use AL and AR SS
together on a Rails 3 project?

How does AR Session Store handle the case where there is no session?

In other words, some of the web pages that are produced by our
application are meant to be publicly viewed without logging in. This
seems to be the problem. It on the welcome page that the show action is
causing the DBMS to throw a null entry error.

James Byrne wrote in post #975862:

How does AR Session Store handle the case where there is no session?

In other words, some of the web pages that are produced by our
application are meant to be publicly viewed without logging in. This
seems to be the problem. It on the welcome page that the show action is
causing the DBMS to throw a null entry error.

Sessions are independent of authentication. Authentication frameworks
obviously use the session to keep track of the currently authenticated
user, but that should be the extent of their interaction, AFAIK.
Sessions are created where there is user login or not. Calling
session[:some_key] will create a session if one does not already exist.

I don't use AuthLogic myself, so if it is having issues with the session
store then I can't really help you.

Robert Walker wrote in post #975877:

I don't use AuthLogic myself,

I expect to be in the same situation shortly. I am now looking at
Devise.

James Byrne wrote in post #975862:

> How does AR Session Store handle the case where there is no session?

> In other words, some of the web pages that are produced by our
> application are meant to be publicly viewed without logging in. This
> seems to be the problem. It on the welcome page that the show action is
> causing the DBMS to throw a null entry error.

Sessions are independent of authentication. Authentication frameworks
obviously use the session to keep track of the currently authenticated
user, but that should be the extent of their interaction, AFAIK.

even that doesn't have to be true - I seem to recall that authlogic
sets it's own cookie with the user credentials it needs

Fred