Angular reuse session after refresh/browser closed - ruby-on-rails

How do you work with Angular.js to reuse a session at a webserver (Rails) after browser refresh/restart? I'm using RestAngular but I don't know how to store the session. The Angular.js app is in my Rails app as a View (with the assets of course) and I have CSRF protection fixed.
I want it to work like a regular webpage, where you don't have to log in each time.

I believe you need to reuse the session objects which are already available in the webserver.
What I would suggest is that you could use the browser cookie to retrieve the session objects, or else you could store a key in the browser DB which you can send to the server via RestAngular and check whether the session is already available.
If the session is already there then you can send the relevant data through RestAngular to the browser.
Hope this might help.

Related

How do you handle session data with ActionCable?

I'm building an app using Vue and Rails.
I have both the frontend and the backend separate (in separate folders)
The frontend is generated with vue-cli.
I have a situation where, I want to send some data to the backend via websockets, I want to set that data in something like a session object, and then access that data again on subsequent websocket interactions. Is that possible?
Would I need to set some kind of token in the browser, some kind of identifying token?
This seems like it would be a common problem but I can't find any information on it.
If you are utilizing session in Rails' websocket/connection.rb, you won't be able to access it directly, but you can access it through the cookies object. The Rails docs say this is labeled ['_session'], but for me in my browser it was ['_session_id'], followed by whatever data you set within session, like a user id ['user_id']:
cookies.encrypted['_session_id']['YOUR_DATA']

Does Ruby on Rails lock user sessions?

I'm coming from a PHP background and have a question regarding RoR user sessions. By default PHP uses file storage with write locks for user session data, so it prevents processing of multiple requests by the same client at the same time. How does RoR behave with sessions?
The default session store in Rails stores the entirety of the session data in the session cookie itself (known as the cookiestore).
One side effect of this is that if 2 overlapping requests both try and update the session then the last one to send a response back to the client 'wins'.
I don't think any of the session stores commonly in use with Rails have the concurrency property you describe.

Can Cakephp read session data from Rails?

I have a Rails application and I saved the user's session in the sessions table. It runs on the domain example.com.
Now I'm developing a CakePHP application that runs on the subdomain cakephp.example.com. How can I reuse the session from the Rails app? Thanks in advance.
Yes, it can, although I'm not sure why you would want to. Assuming you are using Cookie Store, the session is simply base64 encoded.
$rails_session = base64_decode($_COOKIE['_foobar_session']);
Obviously you need to replace the cookie name. Additionally you won't be able to modify the rails session and use it in rails again because there are some security restrictions to tampering with it. You can disable them but I wouldn't suggest doing that.
Another option is to store the session in the database in which case you can access it just like you would for any data.
EDIT: After rereading your question it seems like you would want to read the session in initially like I stated above and use that to create a new session in cakephp.

getting session data when uploading files using fancyupload

I am using fancyupload and paperclip to upload files, everything was working perfectly fine until I added authentication and account validation inside the controller.
I am just using my normal current_user nothing special about that, the rest of the application is dealing with it just fine.
How can I get session data working with fancyupload?
B.T.W. I am using activerecord_store in my session_store.rb file.
Appreciate your help.
The issue here is that Flash requests lack the cookies in their headers. This is true for any uploader that uses Flash (or has Flash as an option, like plupload).
What you need to do in this case, is to tell FancyUpload to append the cookie data to the request with the option appendCookieData set to true and then reconstruct the session in the server based on that (cookie data goes as part of the GET or POST request, not as headers, so most frameworks won't automatically handle this way of authentication).
Do note that using that option appends all your cookies to the request, so if your app is heavy on cookie usage it would be better to extract the cookie you need (MooTools has a built-in Cookie helper) and add it to the request with the data option.
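One way to do the server-side half described above, as an added Ruby example (not from the original answer, FancyUpload or Rails): a Rack-style middleware that lifts a single named cookie from the request parameters into the Cookie header, for the upload endpoint only. The class name, its `cookie_name:` and `upload_path:` parameters, and the assumption that the uploader appends the cookie as a query-string parameter under the cookie's own name are all hypothetical.

```ruby
require 'uri'

# Characters that are not legal in a cookie value (RFC 6265 cookie-octet).
UNSAFE_COOKIE_CHARS = /[^\x21-\x7E]|[;,"\\]/

# Rack-style middleware (hypothetical name): for POSTs to the upload path that
# arrive without a Cookie header, lift one named cookie out of the query string.
class UploadCookieFromParams
  def initialize(app, cookie_name:, upload_path:)
    @app = app
    @cookie_name = cookie_name
    @upload_path = upload_path
  end

  def call(env)
    value = appended_cookie(env)
    env['HTTP_COOKIE'] = "#{@cookie_name}=#{value}" if value
    @app.call(env)
  end

  private

  def appended_cookie(env)
    # Narrow scope: one method, one path, and never override a real header.
    return nil unless env['REQUEST_METHOD'] == 'POST'
    return nil unless env['PATH_INFO'] == @upload_path
    return nil unless env['HTTP_COOKIE'].to_s.empty?

    value = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h[@cookie_name]
    return nil if value.nil? || value.empty?

    # Reject anything that could smuggle a second cookie into the header.
    value.match?(UNSAFE_COOKIE_CHARS) ? nil : value
  rescue ArgumentError
    nil # malformed query string: behave as if nothing was appended
  end
end
```

It has to run before the session middleware, and the session id will still appear wherever the request URL is logged.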

Rails, CookieStore vs ActiveRecordStore

I am currently experiencing a strange issue with our users being logged out. I haven't been able to reproduce it explicitly.
The Rails application is using the default CookieStore.
My initial hypothesis is that somehow the session data within the cookie, or even the cookie itself is being destroyed. This may be either from a user clearing browser data, or something within the system that has not been caught.
As of now, the authentication system appears to be functioning as intended (Authlogic), and we are not experiencing the issue wide-spread in other components of the application.
I am considering using ActiveRecordStore to see if the problem is resolved. My understanding is the session data would be stored within the database, and if a cookie was being removed - the user would not get logged out.
Are there many known pros/cons to using CookieStore vs ActiveRecordStore?
Why is CookieStore the default when creating a Rails application, and not ActiveRecordStore?
I can answer your last two questions.
You should not use the cookie store if you're storing sensitive data in the session because you want such data to be on the server-side and not on the client.
The cookie store is the default because Rails is giving you a strong hint that you should not be storing lots of data in the session, by virtue of the fact that cookie storage is limited to 4 KB.
I think CookieStore is the default because it is simple. It doesn't require a database table.
CookieStore is not as secure as ActiveRecordStore. With CookieStore, intercepted cookies will give access to a valid session forever, even if you create a new one. With ActiveRecordStore, you can invalidate a session by removing it from the database.
See this blog post: http://www.bryanrite.com/ruby-on-rails-cookiestore-security-concerns-lifetime-pass/
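The revocation difference described in the answers above, together with the readable-but-tamper-protected cookie from the earlier CakePHP answer, as an added Ruby example that is not from the original posts or from Rails. It is a simplified model: the `data--digest` layout with JSON and HMAC-SHA256 stands in for a signed session cookie, and `SECRET` and the user id are constructed values.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

SECRET = 'constructed-demo-secret' # constructed; stands in for the app's secret

# Cookie-style store: the whole session travels as base64(data)--hmac.
def cookie_encode(session)
  data = [JSON.generate(session)].pack('m0')
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash, or nil when the digest does not match the data.
def cookie_decode(cookie)
  data, mac = cookie.to_s.split('--', 2)
  return nil if data.nil? || mac.nil?
  return nil unless secure_equal?(mac, OpenSSL::HMAC.hexdigest('SHA256', SECRET, data))
  JSON.parse(data.unpack1('m0'))
end

# Anyone holding the cookie can read the payload; no secret is needed.
def read_without_secret(cookie)
  cookie.split('--', 2).first.unpack1('m0')
end

# Presents a copy of each credential again after the user has logged out.
def replay_after_logout
  copied_cookie = cookie_encode({ 'user_id' => 42 })
  # Server-side store: the cookie carries only a random id; the row stays here.
  rows = {}
  copied_id = SecureRandom.hex(16)
  rows[copied_id] = { 'user_id' => 42 }
  rows.delete(copied_id) # logout removes the server-side row
  # Cookie logout only clears the browser's copy; the server keeps no record,
  # so the copied cookie still verifies.
  { cookie_store: cookie_decode(copied_cookie), server_store: rows[copied_id] }
end
```

In this model, closing the replay window for the cookie-style store needs something inside the signed data that the server can check, such as an expiry timestamp.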
