Session management in Rails (2.3) - ruby-on-rails

Apparently, after upgrading to Rails 2.3 my session storage has stopped working. I used to have this:
session :session_expires => 3.years.from_now
in my application_controller.rb, but now every time I close the browser (Chrome) the session expires. I read somewhere that session_expires would have changed to expire_after, but
session :expire_after => 3.years.from_now
didn't do any good either.

OK, I don't know why "session :expire_after => ..." didn't work, but I got it working with this:
ActionController::Base.session_options[:expire_after] = 3.years

Place this into your ApplicationController and just as your session expires a new one will be generated.
before_filter :change_session_expiration_time
def change_session_expiration_time
  request.session_options[:expire_after] = 1.minute
end

Related

Session's storage and expiration in Rails

I'm new at Ruby/Rails, and I've got some questions about session mechanism in Rails and about sessions as a whole.
I've read that session mechanism in Rails 4 uses cookies as a default store. Is it true?
As I know, sessions are destroyed after closing a browser. Can I change time of expiration manually?
Thanks in advance.
Yes, sessions are stored in a cookie by default. If you look under config/initializers/ you will find a session_store.rb file with the following contents.
Appname::Application.config.session_store :cookie_store, key: '_appname_session'
As far as overriding this behaviour, you can create a custom cookie and set its expiration date to the time you want. Generally that's how user sessions are handled when creating authentication. For example:
def sign_in(user)
  cookies[:session_token] = { value: user.session_token, expires: 1.day.from_now }
  self.current_user = user
end
Then you use that cookie to persist the user session.
You can set the timeout using expire_after in an initializer:
My::Application.config.session_store :active_record_store, {
  key: "session_id",
  domain: "domain.com",
  expire_after: 12.hours,
}
Yes
Yes
Both of these things can be set in config/initializers/session_store.rb. E.g.:
MyApp::Application.config.session_store :cookie_store,
  :key => '_my_app_session',
  :expire_after => 30.minutes

Sessions never expire in rails 3.2

My sessions seem to never expire, even though I configured my session_store.rb file to have this code:
Barcadia::Application.config.session_store :cookie_store,
  :key => '_barcadia_session',
  :expire_after => 15.minutes
I want users to have to re-login if they have been idle for more than 15 minutes. I am using rails 3.2 and I've tried both cookie_store and active_record_store... Nothing seems to work.
The only thing I see missing are the brackets:
Barcadia::Application.config.session_store :cookie_store, {
  :key => '_barcadia_session',
  :expire_after => 15.minutes
}
Some::Application.config.session_store :active_record_store, {
  expire_after: 24.hours,
}
This worked for me.
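
The idle timeout asked for in this thread can also be enforced by the server on every request, so it does not depend on the browser discarding the cookie. The following is an added example, not code from any of the posts: a Rack-style middleware in plain Ruby, where `IdleTimeout`, the `last_seen_at` session key and the `idle_timeout.expired` env key are hypothetical names.

```ruby
# Added example: server-side idle timeout as Rack-style middleware (plain Ruby).
# IdleTimeout, 'last_seen_at' and 'idle_timeout.expired' are hypothetical names.
class IdleTimeout
  def initialize(app, timeout: 15 * 60, clock: -> { Time.now.to_i })
    @app = app
    @timeout = timeout # allowed idle time in seconds
    @clock = clock     # injectable so the check can be exercised without waiting
  end

  def call(env)
    session = (env['rack.session'] ||= {})
    now = @clock.call
    last = session['last_seen_at']
    # A session without a timestamp is treated as new and simply stamped.
    if last && !fresh?(last, now)
      session.clear                      # drop user_id and everything else
      env['idle_timeout.expired'] = true # lets the app redirect to the login page
    end
    session['last_seen_at'] = now
    @app.call(env)
  end

  private

  # Non-integer or future timestamps are rejected rather than trusted.
  def fresh?(last, now)
    last.is_a?(Integer) && last <= now && (now - last) <= @timeout
  end
end

# Constructed demo: one session hash reused across three requests.
if __FILE__ == $PROGRAM_NAME
  t = 0
  app = lambda do |env|
    [200, {}, [env['rack.session'].key?('user_id') ? 'signed in' : 'login required']]
  end
  mw = IdleTimeout.new(app, clock: -> { t })
  env = { 'rack.session' => { 'user_id' => 42 } }
  [0, 600, 1501].each do |at|
    t = at
    puts "t=#{at}s: #{mw.call(env)[2].first}"
  end
end
```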

session cookie httponly false rails 3.1

I'm trying to turn httponly off for use in phonegap. I'm using rails 3.1 and devise, each of which have reported (but not documented) ways of doing this, none of which work:
# application.rb
config.session_options = { :httponly => false } # no effect
config.session = { :httponly => false } # undefined method `session='
# devise.rb
config.cookie_options = { :httponly => false } # also no effect
To test, I restarted the server, deleted the existing cookie, and reloaded the page. The 'Http' column was still checked in the Chrome debugger.
Help!
This little snippet seems to work:
Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false
As far as I can tell, this is a bug in rails. Perhaps the option got removed, but the documentation stayed. Any ideas on this would be welcome!
I spent several thorough hours with ActionPack, and couldn't find any reference to such a configuration option, but I still don't have the full picture as to how it works. Specifically, there's the cookiestore which holds cookies and writes them to the header (and is passed :httponly => true), but I couldn't find how the session is using the store, with vague things like the Rails SessionManage module being a proverbial ghost town.
I hacked up a middleware which does the job:
# application.rb:
config.middleware.insert_before ActionDispatch::Cookies, "UnshieldCookie" # remove httponly.
# unshielded_cookie.rb
class UnshieldCookie
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Removes the HttpOnly attribute wherever it appears in the Set-Cookie header.
    headers['Set-Cookie'].gsub!('HttpOnly', '') if headers['Set-Cookie'].present?
    [status, headers, body]
  end
end
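
To see which cookies a response actually leaves readable by page scripts, the `Set-Cookie` output can be parsed and checked per cookie. This is an added example, not code from the posts: it assumes the Rack 1.x/2.x convention of joining several cookies in one `Set-Cookie` value with newlines, and `parse_set_cookie`, `cookies_missing` and the sample header are constructed for illustration.

```ruby
# Added example: per-cookie audit of a Set-Cookie header value.
# Assumption: several cookies are joined with "\n" in one header string.
def parse_set_cookie(header)
  lines = header.to_s.split("\n").map(&:strip).reject(&:empty?)
  lines.map do |line|
    pair, *attrs = line.split(';').map(&:strip).reject(&:empty?)
    name, _value = pair.split('=', 2)
    flags = {}
    attrs.each do |attr|
      key, val = attr.split('=', 2)
      flags[key.downcase] = val.nil? ? true : val # bare flags such as HttpOnly
    end
    { name: name, attrs: flags }
  end
end

# Names of the cookies that lack the given attribute (case-insensitive).
def cookies_missing(header, attr)
  parse_set_cookie(header)
    .reject { |c| c[:attrs].key?(attr.downcase) }
    .map { |c| c[:name] }
end

# Constructed sample: a session cookie plus a second, unrelated cookie.
SAMPLE_HEADER = [
  '_testapp_session=abc123; path=/; HttpOnly',
  'remember_token=xyz789; domain=.example.test; path=/; secure; HttpOnly'
].join("\n")

if __FILE__ == $PROGRAM_NAME
  puts "missing HttpOnly: #{cookies_missing(SAMPLE_HEADER, 'HttpOnly').inspect}"
  puts "missing Secure:   #{cookies_missing(SAMPLE_HEADER, 'Secure').inspect}"
  # The same substitution the middleware above applies to the header:
  stripped = SAMPLE_HEADER.gsub('HttpOnly', '')
  puts "after gsub, missing HttpOnly: #{cookies_missing(stripped, 'HttpOnly').inspect}"
end
```

On the constructed sample the substitution removes the flag from both cookies, not only from the session cookie, which is the kind of side effect this per-cookie check makes visible.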

How do I manipulate my session's expiry time after Rails app initialization?

I'm using the dalli memcached client for session storage in my Rails app. I'd like to allow users to check a 'Keep me signed in' box when they login to the app, which will cause the session to expire after a month or something. It's pretty straightforward to set the expiration time in the app initialization:
config/initializers/session_store.rb
require 'action_dispatch/middleware/session/dalli_store'
Rails.application.config.session_store :dalli_store, :memcache_server => ['host1', 'host2'], :namespace => 'sessions', :key => '_foundation_session', :expire_after => 30.minutes
But how would I go about manipulating :expire_after after the app has been initialized?
I'm not sure this will work for you, but
in Rails 2.3 with db session store you could use something similar in your action.
request.session_options = request.session_options.dup
request.session_options[:expire_after] = 5.minutes
request.session_options.freeze
I hope it is useful
edit:
I found this new article for rails3
http://augustl.com/blog/2010/dynamic_session_expiration_time_in_rails_3
I hope it is useful

Problem with sessions, subdomains and authlogic in Rails

I've got a rails app with authlogic authentication and a username.domain.com structure built with subdomain-fu.
But my session breaks when going from domain.com to username.domain.com. I've tried to add
config.action_controller.session = {:domain => '.localhost:3000'}
to my development.rb but that seems to break authlogic disabling sign out/sign in.
Any suggestions on what to do?
Thanks in advance!
You are having this issue in the development mode but probably won't have this issue in prod mode. You are trying to set the top level cookie. Your browser won't let you do that. What you are trying to do with
config.action_controller.session = {:domain => '.localhost:3000'}
is as good as saying
config.action_controller.session = {:domain => '.com'}
Try creating a custom local domain like localhost.localdomain or dummylocal.com or something and that will make it work.
config.action_controller.session = {:domain => 'localhost.localdomain'}
config.action_controller.session = {:domain => 'dummylocal.com'}
For Rails3 the code above will raise NoMethodError:
undefined method `session=' for ActionController::Base:Class
So, for Rails3 you should not change your environment config but should set your app/config/initializers/session_store.rb to look like:
YourAppName::Application.config.session_store :active_record_store,
  {:key => '_your_namespace_session', :domain => '.yourdomain.com'}
Maybe this can help: http://erikonrails.snowedin.net/?p=248 ?
