Session ID too long

Hi,

I have a problem with the Session ID in my Rails application. I need to store some data of anonymous users and then, when the session expires, delete that information from de database.

I have a filter in some point of my application when I try to create an anonymous user which I want to identify by its session_id. I read that this session_id must be a 32 char length value, but, when I run the application my session_id value is:

BAh7CToMY3NyZl9pZCIlYmE1ZWYxNzY3MzUwMjI2MzU0NWFhMWUxODZkZDY4M2U6EXNlYXJjaFN0cmluZyIJbmFkYToPdXBkYXRlZF9hdEl1OglUaW1lDatQG4BQk5jZBjofQG1hcnNoYWxfd2l0aF91dGNfY29lcmNpb25GIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--206695460a9e840bd0393690e0d8813ee46ce434

The code is:

def save_anonymus_user       self.current_user = User.new(:login => "guest" + session.session_id,         :password => "guest", :confirm_password => "guest", :session_id => session.session_id)   end

And when the session expires, I am using the session_lifetime plugin to make some stuff like deleting the user from the database.

  expires_session :time => 5.minutes, :redirect_to => '/', :on_expiry => lambda {     user = User.find_by_session_id(session.session_id)     User.delete(user.id) unless user.nil?   }

At this point, the session_id is a 32 char length value, as expected.

What is wrong with the session at the first point? I am lost.

Thanks!

Yeah I got that problem too and I just alter the column to be varchar (500) :frowning:

Why aren't you guys using the cookie session store?

hey, unless yr storing the session in the db for some business requirement you might want to try out using the cookie session store that rails uses by default. it’s a definite improvement over maintaining it yourself and having to sweep out behind old expired sessions.

RSL

Ok, I think that you are not understanding me or I am not understanding you. My problem is not that I want to store the session in the database or that the field for session id is too short.

I need the session_id because I want to have anonymous users in my application. These anonymous users will have data in the database if they do some operations through the front-end of the application, but when these users had gone and their session expire, I want to delete the data that I have stored from them. So, in the moment of the session expiration, I think that I only can to access to the session_id, and that is because I decide to identify the users with the session_id that they are relationed to.

That is my intention, but I don't know if it is possible.

Any ideas?