I'm new at Ruby/Rails, and I've got some questions about session mechanism in Rails and about sessions as a whole.
I've read that session mechanism in Rails 4 uses cookies as a
default store. Is it true?
As I know, sessions are destroyed after
closing a browser. Can I change time of expiration manually?
Thanks in advance.
Yes, sessions are stored in a cookie by default. If you look under config/initializers/ you will find a session_store.rb file with the following contents.
Appname::Application.config.session_store :cookie_store, key: '_appname_session'
As far as overriding this behaviour, you can create a custom cookie and set its expiration date to the time you want. Generally that's how user sessions are handled when creating authentication. For example:
def sign_in(user)
cookies[:session_token] = { value: user.session_token, expires: 1.day.from_now }
self.current_user = user
end
Then you use that cookie to persist the user session.
you can set timeout using expire_after in initializer
My::Application.config.session_store :active_record_store, {
key: "session_id",
domain: "domain.com",
expire_after: 12.hours,
}
Yes
Yes
Both of these things can be set in config/initializers/session_store.rb. E.g.:
MyApp::Application.config.session_store :cookie_store,
:key => '_my_app_session',
:expire_after => 30.minutes
Related
My sessions seem to never expire, even though I configured my session_store.rb file to have this code:
Barcadia::Application.config.session_store :cookie_store,
:key => '_barcadia_session',
:expire_after => 15.minutes
I want users to have to re-login if they have been idle for more than 15 minutes. I am using rails 3.2 and I've tried both cookie_store and active_record_store... Nothing seems to work.
The only thing i see missing are the brackets:
Barcadia::Application.config.session_store :cookie_store, {
:key => '_barcadia_session',
:expire_after => 15.minutes
}
Some::Application.config.session_store :active_record_store, {
expire_after: 24.hours,
}
this worked for me
In myapp/config/initializers/session_store.rb, I have the following:
Myapp::Application.config.session_store :cookie_store, :key => '_myapp_session', :domain => :all
The :key option sets the name to use for the cookie, and :domain => :all says that the cookie can be shared across subdomains.
Now I want to move to using ActiveRecord to store the session. If I do this:
Myapp::Application.config.session_store :active_record_store
... although the session is stored in the database, there is still, of course, a cookie. But I no longer have control over its name or scope.
How can I use ActiveRecord store for the session and still specify the cookie name and domain?
Figured it out
It's very simple, actually:
Myapp::Application.config.session_store :active_record_store, :key => '_myapp_session', :domain => :all
I'm using the dalli memcached client for session storage in my Rails app. I'd like to allow users to check a 'Keep me signed in' box when they login to the app, which will cause the session to expire after a month or something. It's pretty straightforward to set the expiration time in the app initialization:
config/initializers/session_store.rb
require 'action_dispatch/middleware/session/dalli_store'
Rails.application.config.session_store :dalli_store, :memcache_server => ['host1', 'host2'], :namespace => 'sessions', :key => '_foundation_session', :expire_after => 30.minutes
But how would I go about manipulating :expire_after after the app has been initialized?
Im not sure this work for you , but
in Rails 2.3 with db session store you could use somthing similar in your action .
request.session_options = request.session_options.dup
request.session_options[:expire_after] = 5.minutes
request.session_options.freeze
I hope it is useful
edit:
I found this new article for rails3
http://augustl.com/blog/2010/dynamic_session_expiration_time_in_rails_3
I hope it is useful
In Ruby on Rails, how do I set the session cookie's httpOnly setting to false?
In Rails 4, you need to edit config/initializers/session_store.rb
Rails.application.config.session_store(
:cookie_store,
key: '_socializus_session',
httponly: false,
)
This is how i did it with Rails 3:
Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false
I figured this out. In /config/environment.rb include this code:
config.action_controller.session = {
:httponly => false
}
Rails has it set by default to true.
I don't recommend to change it because it will set you cookies accessable for changing from JS like: document.cookie
In Rails 3+ you can change your cookies configuration from config/initializers/session_store.rb:
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: "_my_application_session", httponly: false
Apparently, after upgrading to Rails 2.3 my session storage has stopped working. I used to have this:
session :session_expires => 3.years.from_now
in my application_controller.rb, but now every time i close the browser (chrome) the session expires. I read from somewhere that session_expires would have changed to expire_after, but
session :expire_after => 3.years.from_now
didn't do any good eihter.
Ok, don't know why "session :expire_after => ..." didn't work, but i got it working with this:
ActionController::Base.session_options[:expire_after] = 3.years
Place this into your ApplicationController and just as your session expires a new one will be generated.
before_filter :change_session_expiration_time
def change_session_expiration_time
request.session_options[:expire_after] = 1.minute
end