How do I delete the session but keep the cookies? I'm trying to simulate a browser close/reopen.
In your step definitions you can access the session directly and remove any/all of your critical values. Assuming that you're trying to test login/logout you could remove the user_id value from the session.
session[:user_id] = nil
Related
I am trying to store a session simply by doing session[:user_id] = 1. When I access it in the next line by doing puts(session), it prints <ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash:0x0000010433dda8>
I'm also not able to fetch session[:user_id] in other pages.
You are using NullStore. Just configure another store (file, memcached, etc.)
I have a Rails application 'A' which runs in an iframe of another application 'B'. I am setting some values on the session when application 'A' is loaded into the iframe of 'B'. When the user does certain actions in application 'B', I want to destroy those session values. So, I created a simple API method which just deletes the session values. Whenever the API to delete the session value is called, the API call succeeds; however, the session value doesn't seem to exist in the method.
I used three methods that are supposed to work, but it is not working. The API::AController method is:
def delete_session_value
  session.key?(:value)    # Returns false here
  reset_session           # 1
  session[:value] = nil   # 2
  session.delete(:value)  # 3
end
The session is set from ApplicationController with a simple assignment, session[:value] = 'something'. The session value is accessible throughout the application. Is the session value not accessible to the API controller? Is there any other way I can solve this problem without affecting the flow?
If your session storage is cookie-based (which it is by default), then this is correct behaviour. You cannot read session cookies (or any other cookies) from an iframe. See https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy.
If this is a same-origin request, you could try to set your X-Frame-Options header to SAMEORIGIN. https://developer.mozilla.org/pl/docs/HTTP/X-Frame-Options
Using active_record_store to store information relating to my users' sessions, and having a great time with how easy it is, but also finding that it is so easy that I am not taking the time to understand it.
I recently found that when users sign out of my site, nothing in the Sessions table is deleted, and so I have very quickly amassed a rather large Sessions table.
What I'd like to do is: Delete the record in the Sessions table when the user signs out AND delete the cookie on the user's computer. What do I have to add to my signout routine to accomplish this?
As of now, all that I'm doing is wiping the user id from the session data, which is clearly not sufficient. I thought I could just delete the record from Sessions by calling the destroy() method on the ActiveRecord object, but, I don't have the session ID. (Maybe I just don't know how to get it?)
I'm a freshman of Rails, but I suggest you try this:
rake db:sessions:clear
Only because this is the top answer on google when searching for "rails active_record_store clear table", here is the answer on how to clear the sessions-table: https://stackoverflow.com/a/10088725/1474934
session[:user_id] = nil
session[:username] = nil
flash[:notice] = "You have been Logged out"
redirect_to(:action => "login")
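An added sketch (not code from any of the posts above, and not Rails's own implementation) of why blanking user_id leaves the Sessions table growing. SessionTable is a hypothetical in-memory stand-in for a server-side session store; logout_by_destroying models what a call such as reset_session is meant to achieve, and the sweep covers users who never sign out.

```ruby
require 'securerandom'

# Hypothetical in-memory stand-in for the sessions table of a server-side
# store: session_id => { data:, updated_at: }. Times are plain integers.
class SessionTable
  attr_reader :rows

  def initialize
    @rows = {}
  end

  def create(data, now)
    sid = SecureRandom.hex(16)
    @rows[sid] = { data: data, updated_at: now }
    sid
  end

  def load(sid)
    row = @rows[sid]
    row && row[:data]
  end

  # Sign-out as in the question: blank the user id, keep the row and the id.
  def logout_by_clearing(sid)
    @rows[sid][:data][:user_id] = nil if @rows.key?(sid)
    sid
  end

  # Sign-out that destroys the row and returns a fresh, empty session id,
  # so the old cookie value no longer maps to anything on the server.
  def logout_by_destroying(sid, now)
    @rows.delete(sid)
    create({}, now)
  end

  # Periodic sweep for sessions abandoned without signing out.
  def sweep(now, max_idle)
    @rows.delete_if { |_, row| now - row[:updated_at] > max_idle }
    @rows.size
  end
end

table = SessionTable.new
sid = table.create({ user_id: 7 }, 0)   # constructed sample session
table.logout_by_clearing(sid)
puts "rows after clearing user_id: #{table.rows.size}"
table.logout_by_destroying(sid, 10)
puts "old id still loads: #{!table.load(sid).nil?}"
```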
With Rails 3, the default session storage mechanism is cookie_store. I assume that this means that the contents within the session hash are serialized, encoded and stored within a cookie in the browser? Does this mean that nothing (or very little) of the session is stored in the server?
I've had a few issues where I had a cookie overflow error and I'm assuming because I kept on adding to my user instance (which was also linked/fetched from the cookie).
u = session[:user]
u.add_this lots_of_data
so eventually I got a cookie overflow error.
Am I correct about this? Are sessions fully stored within cookies in Rails 3 (by default)?
Yes, if you use the cookie store, the session data is stored in the cookie. If you'd like to store it on the server, you will need to use another session store.
However, if you are storing model objects or "lots of data" in the session, you are most likely doing it wrong in the first place. Your data should go to the database, and the session should only contain as much information as you need to retrieve it.
In your case, this would mean storing the user id in the session, and loading the user from the db in a before_filter.
Yes, you are right. The problem might come up if you keep on adding data to session.
But there are some other things that affect it.
Once, I ended up with a CookieOverflow error, and the reason was the flash[:notice] messages.
If you use flash[:notice] = "message" and then redirect, the text "message" will be stored in the cookie. If the size of the text you pass is more than 4KB, you get a "CookieOverflow" error.
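An added illustration (not code from the posts above, and not Rails's own implementation) of why the answers say to keep only an id in a cookie-backed session. It assumes a signed cookie laid out as Base64 of the marshalled hash, "--", and an HMAC-SHA1 hex digest; SECRET, the helper names and the sample sessions are constructed.

```ruby
require 'openssl'
require 'base64'

MAX_COOKIE_SIZE = 4096              # per-cookie limit behind CookieOverflow
SECRET = 'constructed-demo-secret'  # constructed stand-in for the app secret

# Build the cookie value: Base64(Marshal(session)) + "--" + HMAC-SHA1 digest.
def sign_session(session, secret = SECRET)
  data = Base64.strict_encode64(Marshal.dump(session))
  "#{data}--#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)}"
end

# Constant-time comparison so the digest check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: deserialize only after the digest has been verified.
def verify_session(cookie, secret = SECRET)
  data, digest = cookie.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  return nil unless secure_compare(digest, expected)
  Marshal.load(Base64.strict_decode64(data))
end

# Signed is not encrypted: the payload decodes without knowing the secret.
def readable_without_secret?(cookie, needle)
  Base64.strict_decode64(cookie.split('--', 2).first).include?(needle)
end

def overflow?(cookie)
  cookie.bytesize > MAX_COOKIE_SIZE
end

small = sign_session(user_id: 42)
flash = sign_session(user_id: 42, 'flash' => { notice: 'x' * 4096 })
tampered = small.sub(/\A./) { |c| c == 'B' ? 'C' : 'B' }

puts "id-only cookie: #{small.bytesize} bytes, overflow=#{overflow?(small)}"
puts "big flash cookie: #{flash.bytesize} bytes, overflow=#{overflow?(flash)}"
puts "tampered cookie accepted: #{!verify_session(tampered).nil?}"
```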
I'm having a hard time trying to figure out how to load a session by its id.
I don't want the current_user session, I need to load another one (mostly because flash doesn't share sessions with the browser). So I'm passing the session_id forward with the parameters; how do I get the session on the other side?
Authlogic is redirecting me to the login page always...
I'm using mem_cached_store to store the sessions. But I'm looking for something like 'find_by_id', any idea?
If you have the session id, you can pull the session out of memcached with the session id prefixed with "session:".
session_key = "session:#{session_id}"
mcache = MemCache.new('localhost')
user_session = mcache.get(session_key)