Modify Session Data using session_id

Hi, first post here. I'm enjoying getting to know rails. I have been scratching my head trying to find a way to modify data in a session by directly accessing CGI::Session.

I should note, using the following code, I can successfully create a new key / value pair from the console, but not within my app. I have tried both methods below:

def add_session_data(other_sess_id, new_data) a = CGI::Session::ActiveRecordStore::Session.find_by_session_id(other_sess_id) a.data[:test] = new_data a.save end

def add_session_data(other_sess_id, new_data) cgi = CGI.new("html4") a = CGI::Session.new(cgi, 'database_manager' => CGI::Session::ActiveRecordStore, 'session_id' => other_sess_id) a[:test] = new_data a.close end

Hi,     Rather than accessing a base methods directly, you can access some class methods like 'process_cgi' to solve you pbm better I think. Try http://api.rubyonrails.org/classes/ActionController/Base.html#M000523 this one and post here whether it helps you or not. I am also interested in knowing this.

Thanks, Sadeesh

Sadeesh Viswanthan wrote:

Hi,     Rather than accessing a base methods directly, you can access some class methods like 'process_cgi' to solve you pbm better I think. Try ActionController::Base this one and post here whether it helps you or not. I am also interested in knowing this.

Thanks, Sadeesh

On Dec 15, 4:41�pm, Jeff Vogt <rails-mailing-l...@andreas-s.net>

Thanks for the reply.

I played around with process_cgi and determined it wouldn't work for this application. Further, I went into the code for action_controller to see how session data is saved. I went as far as writing my own method that repeats the exact way session data is saved in Action Controller, but no dice.

What I think is happening, is when a request is made by the client, it grabs the current session data for a given session_id, THEN executes application code (including updating in memory any changes to the session data, THEN updates the database.

When we force changes to the session (by selecting sessions.data by session_id, modifying, and saving) INSIDE of a request routine, the data changes just fine, but is overwritten at the end of the request.

I think.

If anybody has an idea to access whatever is the temporary store for the session when it gets changed during a request, I'd love to figure this out.

I just realized that since the objective is to modify another user's session data (as opposed to my own), the code I am using will work. There's one caveat, however, and someone correct me if I'm wrong: If the user who's session data we are changing makes a request at the exact same time as our user who is modifying data, there's a chance that he will overwrite our changes, and there is no easy way to detect this. Or is this not true in a single-threaded environment?

That being said, I'm also slightly embarrassed to post the following code, I have a feeling there's a much better way to do this. But here goes:

@@connection ||= ActiveRecord::Base.connection record = @@connection.select_one("SELECT * FROM sessions WHERE session_id = '#{other_sess_id}'") a = record['data'] b = Marshal.load(ActiveSupport::Base64.decode64(a)) #demarshal and load session into b b[:testdata] = 'data here' c = ActiveSupport::Base64.encode64(Marshal.dump(b)) #marshal @@connection.update("UPDATE sessions SET data = '#{c}' WHERE session_id = '#{other_sess_id}'") #save to db