Rails sessions with redis and no database - ruby-on-rails

Hi I'm currently working in this application that consumes some API to retrieve and send all the information, the API manage the database and in my side (Rails app) there is no database.
I was told to use redis to store the sessions so here I am working with redis and no databases, my models don't use ARecord nor AResource. With this in mind I'm working in a logout method but since I don't have any database I'm not sure of what is the approach I should take to handle this because the session is stored in redis and I don't know the keys of the session and also I don't know how to link that session with the user logged I have no idea of how to delete this session.
I'm open to suggestions but it has to be a redis kind of solution, there is any authentification for rails working with redis out there?

Have a look at https://github.com/jodosha/redis-store.
Redis Store provides a full set of stores (Cache, I18n, Session, HTTP Cache) for all the modern Ruby frameworks like: Ruby on Rails, Sinatra, Rack, Rack::Cache and I18n. It natively supports object marshalling, timeouts, single or multiple nodes and namespaces.

Related

How do you create an API server based on data from an existing Rails/Postgres web application?

I have an existing web application that's developed with Ruby on Rails and PostgreSQL. I need to create a mobile application (and possibly a separate web application) using the data from that web application, so I'm looking to create an API server. Is it possible to do this without altering the source code from the original Rails/Postgres web application?
Any ideas on the best way to do this? Or can someone point me in the right direction on what to research?
To connect a new application hosted on Heroku to a PostgreSQL database hosted on Heroku just push your new application to Heroku as normal.
Then, under Settings on your new application dashboard, go into Config Variables and add a new config for DATABASE_URL. Put the value of the url for your existing database.
Your new application will need to be under the same account as your existing application. Heroku doesn't allow you to connect across accounts.
You probably want to take a look at this question for additional details.
Sounds like essentially you want to have two applications connecting to the same database offering the same methods, but respond in different formats (html vs, for example, json). One way of doing that relatively easily might be pushing another api only Rails app to heroku that connects to the same Postgres database (which was mentioned in the comments), but you would have to figure out how to handle authentication differently for your API end points. This depends on whether you are exposing these end points to the public or to something like a mobile front-end. You may want to switch to token-based authentication if you were formerly using sessions on the web-app. Once you implement secure authenticatoin for your api routes, all you have to do is make sure your methods, instead of rendering erb or haml templates, are returning raw data consumable by your intended client.

Sharing session between a Rails and a Symfony app?

I am building a Rails app that will live in the subdomain of a Symfony 2 app (PHP). They will be used by the same type of users, and so we want them to go back and forth between the apps and ideally only login once.
I've seen some solutions on how to share session between subdomains for the same kind of apps, but no solution for sharing session between Symfony and Rails. Is it possible?
I was particularly intrigued that Rails session_store can use a database backend -- the default is cookie. That makes me wonder if both apps were to use the database backend, would they be able to share the sessions?
What other alternatives can I use to make this work, if it can work?
Sure it is possible, but I don't know how much work you have to put in ;)
The main thing is the Session ID. It all depends on that. You must make both applications use the same session storage, else it's impossible.
It doesn't matter if you store the SessionId in a database, in a file (would be pretty slow) or somewhere else, as long as both applications use it.
As you mentioned, Rails supports sessions inside a database out of the box. There's also another way in Rails: Memchached Storage. It's more or less an own database, which is optimized for fast key-value lookups.
So you should look if there's a Symfony plugin that supports either SessionId in database or in a Memcache Storage.
Have a look here: http://watsonbox.github.com/blog/2012/05/01/sharing-session-between-rails-and-php/
Forgot to mention: Both applications must also use the same SESSION_ID name inside the cookie ;)

How do you use a Rails session store outside of a Rails app?

I am interested in deploying a Node.js along side my Rails application server. Just as a reference, I plan on using socket.IO to create a chat server, so users will be able to chat inside of my web application.
My current application uses Authlogic to authenticate users. I would like to ensure that only a user cannot read other users' messages, so I will need to authenticate the user session somehow. My Node.js will have access to my database, and I know Rails can store the sessions inside of the database, so I would like to use this feature to authenticate chat users. The problem is, I have no idea how to go about doing that. I'm not even sure what information is present in the session, and I do not know how I can use this information to authenticate a user.
Thanks in advance!
The rails session is tricky to use from other languages: it's just a serialised ruby object and pretty much the only documentation for the marshal format is the implementation/rubyspec.
However authlogic doesn't actually store anything in the session: it has a separate cookie (user_credentials by default, assuming your model is User)
The data in that cookie is "#{user.persistence_token}::#{user.id}", so you should be able to easily verify this from your js code

Is there a way to share a rails session with a .net app if we are under same domain?

Ultimately we want single sign-on for two applications, one is a rails app and one .net.
Is there a way login to a rails application using devise and cookie session store, and have a .net read this cookie to determine what user is logged in? We are open to switching session stores if that would help.
We would like to keep all auth in Rails, but use the cookie session to allow or deny access to .net application.
Yes, you definitely can do this.
If the session is stored solely in cookies then all you need to do is parse the cookies like rails does. Take a look at ActionDispatch::Request::Cookies to get a better feel for how rails uses cookies.
If on the other hand you store the session in Memcache, Redis, Mysql (or any other external store) you can get the session id from the cookie then look it up in the external store. This is probably easier and slightly more DRY.
As long as you have access to the session cookies you should be able to mirror the Rails session manipulation code in your .NET application and "share" session. I encourage you to start by reading deeper into how Rails handles session.

Using both redis and memcached, should I still use the session api?

If I am using both redis and memcached, does it make sense to still use the built-in session API?
I understand that ruby on rails can easily use memcached using its built-in api's, but I want to use both memcached and redis.
If I have to manually access redis, when do I connect to it, per request?
You can still use the Rails session API with other stores, including Redis and Memcached. The store is just that--the place where the session data is stored. The Rails session API still manages the sessions for you.
You don't mention which contexts you're using Redis and Memcached in (or why you're using both, or how), but I'm guessing you're thinking about session data and caching (based on this earlier question: Rails and caching, is it easy to switch between memcache and redis?)
In either case, there's no real value to not use the APIs that Rails provides, unless you have a particularly distinct use case.
If you absolutely must use both, just tell Rails which storage engine you wish to use for which function.
If you're doing something else, perhaps a bit more information would help people give more useful answers.
In Ruby, you can store your data in any datastore. Not sure if you can use the built-in session API to store to Redis AND memcached for the same session.
If you manually access Redis, just connect to it as few times as possible and use persistent connections, if appropriate, to improve performance.
For PHP and other server-side scripting languages, you might not want to use the built-in session management. Many server-side scripting languages (i.e. PHP) store session information in a temporary directory on the hard disk. Only the session ID is stored in a cookie. An advantage of Redis and memcached is they can avoid disk access and store all session/user information in memory. So, rather than using the built-in session API, just write your own little session API using cookies and interacting with Redis or memcached.

Resources