If I am using both redis and memcached, does it make sense to still use the built-in session API?
I understand that ruby on rails can easily use memcached using its built-in api's, but I want to use both memcached and redis.
If I have to manually access redis, when do I connect to it, per request?
You can still use the Rails session API with other stores, including Redis and Memcached. The store is just that--the place where the session data is stored. The Rails session API still manages the sessions for you.
You don't mention which contexts you're using Redis and Memcached in (or why you're using both, or how), but I'm guessing you're thinking about session data and caching (based on this earlier question: Rails and caching, is it easy to switch between memcache and redis?)
In either case, there's no real value to not use the APIs that Rails provides, unless you have a particularly distinct use case.
If you absolutely must use both, just tell Rails which storage engine you wish to use for which function.
If you're doing something else, perhaps a bit more information would help people give more useful answers.
In Ruby, you can store your data in any datastore. Not sure if you can use the built-in session API to store to Redis AND memcached for the same session.
If you manually access Redis, just connect to it as few times as possible and use persistent connections, if appropriate, to improve performance.
For PHP and other server-side scripting languages, you might not want to use the built-in session management. Many server-side scripting languages (i.e. PHP) store session information in a temporary directory on the hard disk. Only the session ID is stored in a cookie. An advantage of Redis and memcached is they can avoid disk access and store all session/user information in memory. So, rather than using the built-in session API, just write your own little session API using cookies and interacting with Redis or memcached.
Related
I am building a Rails app that will live in the subdomain of a Symfony 2 app (PHP). They will be used by the same type of users, and so we want them to go back and forth between the apps and ideally only login once.
I've seen some solutions on how to share session between subdomains for the same kind of apps, but no solution for sharing session between Symfony and Rails. Is it possible?
I was particularly intrigued that Rails session_store can use a database backend -- the default is cookie. That makes me wonder if both apps were to use the database backend, would they be able to share the sessions?
What other alternatives can I use to make this work, if it can work?
Sure it is possible, but I don't know how much work you have to put in ;)
The main thing is the Session ID. It all depends on that. You must make both applications use the same session storage, else it's impossible.
It doesn't matter if you store the SessionId in a database, in a file (would be pretty slow) or somewhere else, as long as both applications use it.
As you mentioned, Rails supports sessions inside a database out of the box. There's also another way in Rails: Memchached Storage. It's more or less an own database, which is optimized for fast key-value lookups.
So you should look if there's a Symfony plugin that supports either SessionId in database or in a Memcache Storage.
Have a look here: http://watsonbox.github.com/blog/2012/05/01/sharing-session-between-rails-and-php/
Forgot to mention: Both applications must also use the same SESSION_ID name inside the cookie ;)
I am looking appropriate resources on "how to replicate session (user session in a stateful app) and cached objects (retrieved from an underlying database through transactional operations) of an application server". The app server can preferably Rails or any other popular one which fully supports MVC framework (using ActiveRecord or DataMapper design patterns).
It will be also helpful to know similar thing about Memcached replication internals as well if it supports this kind of replication.
If anyone can further suggest on how to integrate a NoSQL key-value stores to keep session and cached objects generated in an app server like Rails that would another appreciated answer.
My goal is to find out suitable way to replicate an app server instance for performance (either for local users or geo-distributed) and high-availability. Any point-out to current industry practice and available solutions will be much helpful in this regard.
Thanks a lot in advance.
Hi I'm currently working in this application that consumes some API to retrieve and send all the information, the API manage the database and in my side (Rails app) there is no database.
I was told to use redis to store the sessions so here I am working with redis and no databases, my models don't use ARecord nor AResource. With this in mind I'm working in a logout method but since I don't have any database I'm not sure of what is the approach I should take to handle this because the session is stored in redis and I don't know the keys of the session and also I don't know how to link that session with the user logged I have no idea of how to delete this session.
I'm open to suggestions but it has to be a redis kind of solution, there is any authentification for rails working with redis out there?
Have a look at https://github.com/jodosha/redis-store.
Redis Store provides a full set of stores (Cache, I18n, Session, HTTP Cache) for all the modern Ruby frameworks like: Ruby on Rails, Sinatra, Rack, Rack::Cache and I18n. It natively supports object marshalling, timeouts, single or multiple nodes and namespaces.
We have a Rails app with a view that gets populated with data from a third-party API. Currently, this view uses a swf streamer to open a socket to the endpoints.
Recently, the API's provider has asked us to switch to long polling ajax calls, and to pipe requests through a proxy in our server.
We're considering using node-http-proxy, to take advantage of node's speed and concurrency handling in case we get high traffic. We're new to Node.js, though.
The other option we're looking at is using the Rails app itself to forward these requests, the advantage being that we could use the existing session handling.
We'd prefer to use node-http-proxy, as it seems the most elegant solution (and an opportunity to play with Node.js, of course ;), but haven't figured out how to integrate it with our app's sessions (activerecord session store on postgres).
Is there a way to do it? Are there any other auth/security/session-checking strategies using node-http-proxy in parallel with a Rails app?
Oliver
I need to store payment gateway processor username/password credentials on a production web server, but would prefer not to do so in clear-text. What is the best way to store these credentials? Are their best practices for encrypting and decrypting this information?
It's a classic chicken-egg problem. Encryption does not help you at all if you can't protect the keys. And you obviously can't.
What I would suggest is to try to make the other services / users use hashes towards your authentication code, and save those hashes instead. That way at worst you will lose the hashes, but it might prove hard (depending on the rest of the setup) to actually use them maliciously. You might also want to salt the hashes properly.
An other possibility would be using an external authentication store if you can't enforce using hashes. It does not really solve the problem, but you can control the attack vectors and make it safer by allowing only very specific contact with the actual source with the important data.
Store outside of any directory that is web accessible.
Make sure only the app processes have read access.
Harden server.