With Dalli, what do you set for Key & Secret? - ruby-on-rails

In the docs:
https://github.com/mperham/dalli
You set:
    # Session cache / Memcache
    ActionController::Base.session = {
      :namespace => 'sessions',
      :expire_after => 20.minutes.to_i,
      :memcache_server => ['server-1:11211', 'server-2:11211'],
      :key => ...,
      :secret => ...
    }
What do you set for Key and Secret?
Thanks

I presume you are configuring Dalli as your session store.
For the secret token, you can use the token that you would have already specified in config/initializers/secret_token.rb. Or you can use random text like :secret => "extraterrestrialactivityfoundinbermudatriangle".
As for the key, it would normally contain your app name: :key => "_my_app_name_session"
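
What the :secret is for when a session cookie is signed, as an added example (not code from the answer above, from Dalli or from Rails): the cookie is accepted only if its HMAC verifies under the secret, so the value is best drawn from a CSPRNG. The `data--digest` layout and the names `generate_secret`, `sign_session`, `verify_session` and `demo` are assumptions of this sketch.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

# 64 random bytes from the OS CSPRNG, hex-encoded (128 characters).
def generate_secret
  SecureRandom.hex(64)
end

# Serialize the session and append an HMAC computed with the secret.
def sign_session(session, secret)
  data = [JSON.generate(session)].pack('m0') # strict Base64, no newlines
  digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
  "#{data}--#{digest}"
end

# Compare two strings without stopping at the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Return the session hash, or nil if the cookie was not signed with +secret+.
def verify_session(cookie, secret)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
  return nil unless constant_time_eq?(digest, expected)
  JSON.parse(data.unpack1('m0'))
end

# Constructed sample data: one genuine cookie, one edited after signing.
def demo
  secret = generate_secret
  cookie = sign_session({ 'user_id' => 42 }, secret)
  _data, digest = cookie.split('--', 2)
  edited = [JSON.generate({ 'user_id' => 1 })].pack('m0') + '--' + digest
  {
    genuine: verify_session(cookie, secret),
    edited: verify_session(edited, secret),
    other_secret: verify_session(cookie, generate_secret)
  }
end
```

The :key, by contrast, is only the cookie's name and does not need to be secret.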

Related

With Rails and Devise, how do I set the cookie properties if I'm using ActiveRecord store?

In myapp/config/initializers/session_store.rb, I have the following:
    Myapp::Application.config.session_store :cookie_store, :key => '_myapp_session', :domain => :all
The :key option sets the name to use for the cookie, and :domain => :all says that the cookie can be shared across subdomains.
Now I want to move to using ActiveRecord to store the session. If I do this:
    Myapp::Application.config.session_store :active_record_store
... although the session is stored in the database, there is still, of course, a cookie. But I no longer have control over its name or scope.
How can I use ActiveRecord store for the session and still specify the cookie name and domain?

Figured it out
It's very simple, actually:
    Myapp::Application.config.session_store :active_record_store, :key => '_myapp_session', :domain => :all

Paperclip 2.3.11 throws CurrentBucketNotSpecified error for `expiring_url`

My setup:
1) I have added a CNAME on my domain to point to S3.
assets.foo.com -> s3.amazonaws.com
2) I have a bucket called assets.foo.com on S3
3) Model code:
    has_attached_file :report,
      :storage => :s3,
      :s3_credentials => {
        :access_key_id => "xxxx",
        :secret_access_key => "yyyy"},
      :s3_permissions => 'private',
      :s3_protocol => 'http',
      :s3_host_alias => "assets.foo.com",
      :url => ":s3_alias_url",
      :bucket => "assets.foo.com",
      :path => ":class/:attachment/:id_partition_:style.:extension"
I get the expected URL when I call the url method.
    s.report.url
    #http://assets.foo.com/study/report/..../abc.pdf
I get an error when I try to generate an expiring URL:
    s.report.expiring_url
    AWS::S3::CurrentBucketNotSpecified: No bucket name can be inferred from your current connection's address (`s3.amazonaws.com')
    from C:/Ruby187/lib/ruby/gems/1.8/gems/aws-s3-0.6.2/lib/aws/s3/base.rb:107:in `current_bucket'
    from C:/Ruby187/lib/ruby/gems/1.8/gems/aws-s3-0.6.2/lib/aws/s3/base.rb:179:in `bucket_name'
    from C:/Ruby187/lib/ruby/gems/1.8/gems/aws-s3-0.6.2/lib/aws/s3/object.rb:300:in `path!'
    from C:/Ruby187/lib/ruby/gems/1.8/gems/aws-s3-0.6.2/lib/aws/s3/object.rb:291:in `url_for'
    from C:/Ruby187/lib/ruby/gems/1.8/gems/paperclip-2.3.11/lib/paperclip/storage/s3.rb:98:in `expiring_url'
    from (irb):4
According to the user manual the bucket name is inferred if the :s3_host_alias key is specified and :url key is set to ":s3_alias_url". I have configured my model as per the instruction. I still encountered the error.
I was able to work around the problem by adding the bucket configuration, i.e.
    has_attached_file :report,
      :storage => :s3,
      :s3_credentials => {
        :access_key_id => "xxxx",
        :secret_access_key => "yyyy"},
      :s3_permissions => 'private',
      :s3_protocol => 'http',
      :s3_host_alias => "assets.foo.com",
      :url => ":s3_alias_url",
      :bucket => "assets.foo.com",
      :path => ":class/:attachment/:id_partition_:style.:extension"
When I add the bucket configuration, the expiring_url method ignores the custom CNAME alias.
    s.report.expiring_url
    #http://s3.amazon.com/assets.foo.com/study/report/..../abc.pdf
Interestingly, the url function generates the expected URL even when the bucket configuration is present.
    s.report.url
    #http://assets.foo.com/study/report/..../abc.pdf
Note: I tried various combinations of CNAME alias with the same result:
    assets.foo.com -> s3.amazonaws.com
    assets.foo.com -> assets.foo.com.s3.amazonaws.com

The issue is that you are in a situation where it cannot infer your current bucket. The documentation says that you can set the bucket name to avoid this error. However, as you have realized, this won't generate the correct URL.
Try setting the :url in your config to the correct value as well with the correct setting for the bucket and it should work.

This behaviour is seen ONLY when expire_url function is called when s3_host_alias is set. I monkey patched the gem to get around the issue.
Added the patch in config\initializers\paperclip.rb
    module Paperclip::Storage::S3
      # Use the host alias as the bucket name when one is configured.
      def bucket_name_with_s3_host_alias
        s3_host_alias || bucket_name_without_s3_host_alias
      end
      alias_method_chain :bucket_name, :s3_host_alias

      # Strip the S3 endpoint from the generated URL so it uses the alias.
      def expiring_url_with_s3_host_alias
        result = expiring_url_without_s3_host_alias
        s3_host_alias.present? ?
          result.gsub(/(\/s3\.amazonaws\.com)|(\.s3\.amazonaws\.com)/, '') : result
      end
      alias_method_chain :expiring_url, :s3_host_alias
    end

Rails 3 additional session configuration options (key, expires_after, secure)

Can someone point out what the new Rails 3.x session configuration options are?
I'm trying to duplicate the same configuration that I have in my Rails 2.3.x application.
This is the configuration that I used in the application:
    # environment.rb
    config.action_controller.session_store = :active_record_store
    config.action_controller.session = {
      :key => '_something', # non-secure for development
      :secret => 'really long random string'
    }
    # production.rb - override environment.rb for production
    config.action_controller.session = {
      :key => '_something_secure',
      :secret => 'really long random string',
      :expire_after => 60*60, # time in seconds
      :secure => true # The session will now not be sent or received on HTTP requests.
    }
However, in Rails 3.x, I can only find mention of the following:
    AppName::Application.config.session_store :active_record_store
    AppName::Application.config.secret_token = 'really long random string'
    AppName::Application.config.cookie_secret = 'another really long random string'
Are there other config settings to control the key, expire_after time, and secure option?
Regarding the latter, if "config.force_ssl = true" is set in production.rb, I assume the secure option is no longer required?
Thanks very much!

You now configure the Cookie-based session store through an initializer, probably in config/initializers/session_store.rb. In Rails 3 the session store is a piece of middleware, and the configuration options are passed in with a single call to config.session_store:
    Your::Application.config.session_store :cookie_store, :key => '_session'
You can put any extra options you want in the hash with :key, e.g.
    Your::Application.config.session_store :cookie_store, {
      :key => '_session_id',
      :path => '/',
      :domain => nil,
      :expire_after => nil,
      :secure => false,
      :httponly => true,
      :cookie_only => true
    }
(Those are just the standard defaults)
If you force SSL in production then setting secure on the cookie shouldn't really make a difference in practice, but you might want to set it just to be on the safe side...
    Your::Application.config.session_store :cookie_store, {
      :key => '_session_id',
      :secure => Rails.env.production?
    }

Rails: how can I share permanent cookies across multiple subdomains?

My app's register and login processes take place on a secure subdomain. For this reason, I have modified config/initializers/session_store.rb to look like
    if Rails.env.production?
      AppName::Application.config.session_store :cookie_store, :key => '_app_name_session', :domain => '.app_name.com'
    else
      AppName::Application.config.session_store :cookie_store, :key => '_app_name_session'
    end
so that the session can be shared across subdomains.
How can I share permanent cookies across subdomains so that when I set a permanent cookie on one subdomain via cookies.permanent[:some_key] = 'some value', I can access that cookie on another subdomain via cookies[:some_key]?

You need to specify the domain using a more verbose cookie setting method:
    cookies[:some_cookie] = {
      :value => "whatever",
      :domain => ".app_name.com",
      :expires => 1.year.from_now.utc
    }
I haven't found a configuration setting to do this globally yet.

Rails 3: Can't seem to write cookies for top level domain :(

I set up the cookie store to domain => :all, like I could find in the documentation, and it seems to work, because devise's authentication works across the multiple domains.
    MyApp::Application.config.session_store :cookie_store, :key => '_MyApp.com_session', :domain => :all
However, when I am trying myself to write to a cookie, it always writes down the subdomain... I don't get it:
I write the cookie in the simplest manner possible:
    cookies.permanent[:remember_locale] = locale
But no matter what, it won't set it for the top level domain, whereas the one dropped by devise seems to manage it without a problem :(
Alex
ps: I am using rails 3.0.3

The configuration for the session_store only applies to the session cookie. When setting a separate cookie you have to specify the domain for that cookie as well.
    cookies.permanent[:remember_locale] = { :value => locale, :domain => :all }
Note (pulled from rails source):
    # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
    #
    #   cookies[:key] = {
    #     :value => 'a yummy cookie',
    #     :expires => 1.year.from_now,
    #     :domain => 'domain.com'
    #   }
    #
    #   cookies.delete(:key, :domain => 'domain.com')
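
The scoping rules behind the answers above, as an added example (not Rails code and not code from the posts): a constructed model of how a browser stores and returns cookies. It shows that a cookie set without :domain stays on the subdomain that set it, that a domain-wide cookie is sent to every subdomain, and that deleting it requires the same domain. The `CookieJar` class, `scope_demo`, the hosts and the values are made up for illustration; paths and expiry times are left out.

```ruby
# Constructed model of a browser cookie store (RFC 6265 domain matching).
class CookieJar
  Cookie = Struct.new(:name, :value, :domain, :host_only)

  def initialize
    @cookies = []
  end

  # Apply a Set-Cookie received in a response from +request_host+.
  # domain: nil  -> host-only cookie (what cookies[:k] = 'v' produces)
  # domain: str  -> shared with that domain and all of its subdomains
  # expired: true models the expired Set-Cookie that cookies.delete sends
  def set(request_host, name, value, domain: nil, expired: false)
    scope = (domain || request_host).downcase.sub(/\A\./, '')
    # A server may only scope a cookie to its own host or a parent domain.
    return false unless domain_match?(request_host, scope)
    # A stored cookie is replaced only when name and domain both match.
    @cookies.reject! { |c| c.name == name && c.domain == scope }
    @cookies << Cookie.new(name, value, scope, domain.nil?) unless expired
    true
  end

  # Cookies the browser would attach to a request for +host+.
  def sent_to(host)
    @cookies.select { |c|
      c.host_only ? c.domain == host.downcase : domain_match?(host, c.domain)
    }.map { |c| [c.name, c.value] }.to_h
  end

  private

  def domain_match?(host, domain)
    host = host.downcase
    host == domain || host.end_with?(".#{domain}")
  end
end

def scope_demo
  jar = CookieJar.new
  jar.set('secure.app_name.com', 'locale', 'fr') # host-only
  jar.set('secure.app_name.com', 'remember', 'abc', domain: '.app_name.com')
  seen_by_www = jar.sent_to('www.app_name.com')
  # Deleting without :domain targets a host-only cookie that does not exist.
  jar.set('www.app_name.com', 'remember', '', expired: true)
  after_plain_delete = jar.sent_to('www.app_name.com')
  jar.set('www.app_name.com', 'remember', '', domain: '.app_name.com', expired: true)
  [seen_by_www, after_plain_delete, jar.sent_to('www.app_name.com')]
end
```

Because a domain-wide cookie reaches every host under that domain, anything served from any subdomain can read it, which is worth weighing before widening the scope of a session cookie.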
