Hello All,
I would like to have my session stored in the database instead of the browser. Please, could someone explain to me how to do this?
Regards,
Emeka
http://guides.rubyonrails.org/action_controller_overview.html#session
However, there’s very little to no reason why you would change to the ActiveRecordStore. The session should not even contain sensitive data to start off with, that’s not what it’s made for. It’s also not meant to be used as a garbage can for heaps of data. If that’s the reason why you want to switch to the ActiveRecordStore, then you should stop for a second and rethink what you are putting in the session and put it somewhere else.
Also, keep in mind that when you switch to the ActiveRecordStore:
You will need to clean the expired sessions on regular intervals yourself
You will be hitting the database a lot more often on every request, a waste of server resources in my opinion
Best regards
Peter De Berdt
And if it’s for a multi-server web farm, you’re way better off with sticky sessions on the load balancer than a shared persistent session store. And if you can’t afford to ever lose any of the data you’re currently saving in session even in the rare event of server fail over, you should be taking the performance hit and associating that to a persistent user profile in the database.
Best Wishes,
Peter
There's absolutely no reason that I can think of for you to store sessions in the database. As was stated previously, you shouldn't store any personal data in the session. Don't be afraid to use cookies! When implemented properly, you should have nothing to fear.
Here's an example you can do with your session_store.rb file. I even added a gist so you can see the formatting better.
/config/session_store.rb
Yourapp::Application.config.session_store :cookie_store
Yourapp::Application.config.session = {
  :key          => '_yourapp_session',      # name of cookie that stores the data
  :domain       => nil,                     # you can share between subdomains here: '.subdomain.com'
  :expire_after => 1.month,                 # expire cookie
  :secure       => false,                   # for https it's true
  :httponly     => true,                    # a measure against XSS attacks, prevent client side scripts from accessing the cookie
  :secret       => 'YOUR SECRET GOES HERE'  # RUN RAKE SECRET to generate secret
}
You can read it better by going to this gist:
https://gist.github.com/993390
Hope that helps.
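An added example, not part of the post above or of Rails itself: a simplified stand-in for a session cookie that is signed with the `:secret` but not encrypted, showing that the client can read the contents while any change to them is rejected on verification. The `payload--digest` layout, JSON serialization, HMAC-SHA256, and all function names and sample values are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Constructed secret for illustration only; a real one comes from `rake secret`.
SECRET = 'constructed-demo-secret-not-for-production'

# Serialize the session and append an HMAC so the server can detect tampering.
def sign_session(session, secret)
  payload = [JSON.generate(session)].pack('m0') # strict Base64
  digest  = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  "#{payload}--#{digest}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash, or nil when the cookie is malformed or the signature is wrong.
def verify_session(cookie, secret)
  payload, digest = cookie.to_s.split('--', 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  return nil unless secure_compare(digest, expected)
  JSON.parse(payload.unpack1('m0'))
end

# What anyone holding the cookie can do without the secret: read it.
def read_without_secret(cookie)
  JSON.parse(cookie.split('--', 2).first.unpack1('m0'))
end

# Change the payload but keep the old signature, which is all a client without the secret has.
def tamper(cookie, changes)
  payload, digest = cookie.split('--', 2)
  forged = JSON.parse(payload.unpack1('m0')).merge(changes)
  "#{[JSON.generate(forged)].pack('m0')}--#{digest}"
end

cookie = sign_session({ 'user_id' => 42, 'role' => 'member' }, SECRET)
puts "readable by client: #{read_without_secret(cookie).inspect}"
puts "server accepts:     #{verify_session(cookie, SECRET).inspect}"
puts "after tampering:    #{verify_session(tamper(cookie, 'role' => 'admin'), SECRET).inspect}"
```

The signature protects integrity only, which is why the thread's advice to keep sensitive data out of the session still applies, and why the cookie should also carry `:secure => true` on HTTPS sites.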
Thank you all, I have repented. I am a new being now =)
> I would like to have my session stored in the database instead of the
> browser. Please, could someone explain to me how to do this?
> Action Controller Overview — Ruby on Rails Guides
> However, there's very little to no reason why you would change to the
> ActiveRecordStore. The session should not even contain sensitive data
> to start off with, that's not what it's made for. It's also not meant
> to be used as a garbage can for heaps of data. If that's the reason
> why you want to switch to the ActiveRecordStore, then you should stop
> for a second and rethink what you are putting in the session and put
> it somewhere else.
The one issue I have occasionally had with cookie store is that in the presence of multiple concurrent requests altering the session then with the cookie store these requests tend to destroy each other's changes to the session, whereas with the database you can at least make a half decent attempt to merge changes (when the requests are changing different keys in the session).
Fred
> Don't be afraid to use cookies! When implemented properly, you should have nothing to fear.
Apart from the law in Europe: EU law restricting website cookies comes into effect - BBC News
Depends. From the description on that site: "Cookies are designed to gather information about users, and these rules relate to code designed to help target advertisements - specifically when the information gathered is unrelated to the website being browsed."
Sounds to me (IANAL, not even in Europe) as though the basic Rails cookie store would be completely kosher here.
Walter