How can I change the session key "_session_id" returned to the client
I have a strange problem. I have two rails apps that use REST to communicate. The problematic interaction occurs when app1 uses a redirect to point the client to app2. Both apps appear to use the same session key identifier: "_session_id". When the re-direct occurs the session cookie from app1 is replaced by the session cookie from app two because they both use the same key.
Here's some documentation on changing the primary key used in the session database table but I haven't been able to get it to work:
http://caboo.se/doc/classes/CGI/Session/ActiveRecordStore.html
The fifth paragraph suggests:
"Note that setting the primary key to the session_id frees you from having a separate id column if you don't want it. However, you must set session.model.id = session.session_id by hand! A before_filter on ApplicationController is a good place."
I thought perhaps rails was by default deriving the string for the session key from the primary key for the session table and tried changing it here and in the migrations but even though I've changed it everywhere I have found:
CGI::Session::ActiveRecordStore::Session.table_name = "#{RAILS_APPLICATION_PREFIX}diy_sessions"
CGI::Session::ActiveRecordStore::Session.primary_key = "#{RAILS_APPLICATION_PREFIX}diy_session_id"
I still get this suspicious error:
Mysql::Error: Unknown column 'session_id' in 'where clause': SELECT * FROM teemss2_diy_sessions WHERE (session_id = '8e4863f1ca1943753def464382ce88bb') LIMIT 1
Sure does look like there is some other place the primary key is set.
Here's the forensics:
My logged-in user's been working in app1 and their browser's been happily exchanging their session cookie back and forth with app1:
http://concord.org/app1/page/list
GET /app1/page/list HTTP/1.1
Cookie: _session_id=da43fd21e94f6096670716f0a9f71549
HTTP/1.x 200 OK
Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/
I want to customize map.resources so it uses a uid in the URL instead of the database id. The uid is a field on my object.
So I have map.resources :things in routes.rb and I can update a thing by accessing POST /thing/1. Instead I want to update the thing by POST /thing/80ed14ce098affc2. The thing has an id of 1 and a uid of 80ed14ce098affc2.
Any options other than getting rid of map.resources and explicitly defining all the REST routes?
Thanks
Andy
Stephen Bannasch wrote the following on 09.02.2007 23:10 :
How can I change the session key "_session_id" returned to the client
from my rails apps. I'm using both 1.2.2 and 1.1.6 frameworks.
I have a strange problem. I have two rails apps that use REST to
communicate. The problematic interaction occurs when app1 uses a
redirect to point the client to app2. Both apps appear to use the same
session key identifier: "_session_id". When the re-direct occurs the
session cookie from app1 is replaced by the session cookie from app
two because they both use the same key.
Here's some documentation on changing the primary key used in the
session database table but I haven't been able to get it to work:
http://caboo.se/doc/classes/CGI/Session/ActiveRecordStore.html
I don't think you want to change the column used to store the cookie.
You don't want your applications cookies to overlap. You can do it
either by using different system names (accessing your applications
through http://app<n>.concord.org instead of http://concord.org/app<n>)
or by using the path attribute of the cookie header.
[...]
GET /app1/page/list HTTP/1.1
Cookie: _session_id=da43fd21e94f6096670716f0a9f71549
HTTP/1.x 200 OK
Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/
Here, if Rails used :
Set-Cookie: _session_id=da43fd21e94f6096670716f0a9f71549; path=/app1
and in app2 later :
Set-Cookie: _session_id=6df71f8e551b3b2de83d4fb0f43d7d56; path=/
Set-Cookie: _session_id=6df71f8e551b3b2de83d4fb0f43d7d56; path=/app2 instead
You wouldn't have these problems.
I believe that using
ActionController::Base.session_options[:session_path] = "/app<n>"
in environment.rb would solve your problem (not tested).
You could eliminate this problem by sharing the session store between your applications if need be (this requires that you can indeed share the session data between your applications).
Lionel.
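An added example (not part of the thread, and not Rails code): a minimal cookie jar that applies the browser's name-and-path storage rule and RFC 6265 path matching to the Set-Cookie headers quoted above, showing why path=/ on both apps causes the overwrite while path=/app1 and path=/app2 do not. The CookieJar class, the replay helper and the /app2/page/list request path are constructed for illustration.

```ruby
# Minimal cookie jar for a single host (constructed for this example).
# Browsers store cookies keyed by name + domain + path; domain is fixed here.
class CookieJar
  def initialize
    @cookies = {} # [name, path] => value
  end

  # Parse one Set-Cookie header value, e.g. "_session_id=abc; path=/app1".
  def set_cookie(header)
    pair, *attrs = header.split(";").map(&:strip)
    name, value = pair.split("=", 2)
    path = "/"
    attrs.each do |attr|
      key, val = attr.split("=", 2)
      path = val if key.to_s.downcase == "path" && val.to_s.start_with?("/")
    end
    @cookies[[name, path]] = value # same name AND same path => overwrite
  end

  # Path-match rule from RFC 6265 section 5.1.4.
  def path_match?(cookie_path, request_path)
    return true if cookie_path == request_path
    return false unless request_path.start_with?(cookie_path)
    cookie_path.end_with?("/") || request_path[cookie_path.length] == "/"
  end

  # Cookie header sent for a request; more specific paths are listed first.
  def cookie_header(request_path)
    @cookies.select { |(_, path), _| path_match?(path, request_path) }
            .sort_by { |(_, path), _| -path.length }
            .map { |(name, _), value| "#{name}=#{value}" }
            .join("; ")
  end
end

# Replays the redirect from the thread: app1 sets its cookie, then app2 does.
# Session ids are the ones quoted in the thread; request paths are constructed.
def replay(app1_path, app2_path)
  jar = CookieJar.new
  jar.set_cookie("_session_id=da43fd21e94f6096670716f0a9f71549; path=#{app1_path}")
  jar.set_cookie("_session_id=6df71f8e551b3b2de83d4fb0f43d7d56; path=#{app2_path}")
  { app1: jar.cookie_header("/app1/page/list"),
    app2: jar.cookie_header("/app2/page/list") }
end

SHARED = replay("/", "/")         # app1 now receives app2's session id
SCOPED = replay("/app1", "/app2") # each app receives only its own session id
```

Path scoping only decides which cookie the browser sends with a request; apps under the same host are still the same origin, so it does not isolate them from each other.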