Rails ActiveRecord store and new session -


i new rails , experience strange issue don't understand. use activerecord session store , need add session id property of json responses requests. use devise if have impact on situation. problem if request made user without cookies (or @ least without session id in cookie) session.id empty or - attention, please - not same value set in response cookie.

for debugging, add code after_filter applicationcontroller:

puts session.id puts request.session_options[:id]

both values same. match value in cookie if present. otherwise, if session id not present in cookie, cookie set after request has different value.

my opinion session_id gets new value after saved database, have unique. db migration:

def change   create_table :sessions |t|     t.string :session_id, :null => false     t.text :data     t.timestamps   end    add_index :sessions, :session_id, :unique => true   add_index :sessions, :updated_at end

my question: how can actual session.id value of new session before first response rendered?

upd:

i created new rails app uses activerecord session store without devise, , can session.id going set in cookie before response code id application controller:

class applicationcontroller < actioncontroller::base   after_filter :show_session    def show_session     puts session.id   end end

but in existing app devise value looks session id, doesn't match value set in cookie via set-cookie response header , value saved sessions table in database. looks devise have conflict activerecord session store in way. need go deeper figure out.

upd 2

looks found problem roots. said, use devise authorization omniauth. according documentation, sign_in method resets session id security reasons. after reset session.id returns old value, had been automatically set. use code omniauth callback:

def facebook_access_token   sign_in @user   puts session.id end

and in console session id different 1 set in set-cookie response header. if comment "sign_in" line, these values match. new question: how can new session id value after been reset inside of sign_in method? internal warden/devise implementation or something?

renewing still important , should not disable it

also new session id generated after execution of controller, therefore after have chance set response sent client.

the solution manually trigger renewing of session id

in applicationcontroller add method:

protected    def commit_session_now!     return unless session.options[:renew]      object = session.options.instance_variable_get('@by')     env = session.options.instance_variable_get('@env')     session_id = object.send(:destroy_session, env, session.id || object.generate_sid, session.options)      session_data = session.to_hash.delete_if { |k,v| v.nil? }     object.send(:set_session, env, session_id, session_data, session.options)      session.options[:renew] = false     session.options[:id] = session_id   end

then in controller call method before getting session id response

def my_action   ...   commit_session_now!   render json: {session_id: session.id}, status: :ok end

the code in commit_session_now! comes rack::session::abstract::id#commit_session https://github.com/rack/rack/blob/master/lib/rack/session/abstract/id.rb#l327


Comments

Post a Comment

Popular posts from this blog

html - How to style widget with post count different than without post count -

i have border below li elements in wordpress widget types appropriate. element inside set block gives them nice easy click full width. the problem, when choose option "show post count" when adding widget such categories or archives displays post count plain text after tag , because tag block pushes post number text line below. whether choose show post count or not show post count still gives exact same element identifyer example "widget_categories". how style post count not on next line still keep links non post count list items full width? here's example on sidebar www.bbmthemes.com/themes/modular/blog-standard/ in order solve problem need remove display:block; for ul.widgets ul a , add in it's place line-height: 33px; what going achieve have same visual effect. what going lose doing links going work on text , not on "box". the other way out of find post count coming , make changes this. example change text count i...
Read more

How to remove text and logo OR add Overflow on Android ActionBar using AppCompat on API 8? -

have researched death , cannot find answer. i have actionbar using appcompat. supporting api v7 (api v8 do). actionbar works api v11. api < v11 has problem of removing icon (and feature) actionbar without supplying overflow. big picture have app logo, app title, , 3 icons squidging same actionbar on low end phone. trying make room! i happy 1 of 2 solutions. either: a method of getting overflow functionality can retrieved pull down. (preferred) method of removing icon , text actionbar below current xml api 11+: <resources> <!-- base application theme api 11+. theme replaces appbasetheme res/values/styles.xml on api 11+ devices. --> <style name="appbasetheme" parent="theme.appcompat.light.darkactionbar"> <item name="android:actionbarstyle">@style/liteactionbarstyle</item> <item name="actionbarstyle">@style/liteactionbarstyle</item> </st...
Read more

IIS->Tomcat Redirect: multiple worker with default -

i trying configure multiple instances of tomcat (7) behind single domain in iis. tomcat instances both run on separate ports. have installed tomcat isapi_rediect.dll , configured iis. everything works redirector, except (you knew coming) being told "all other traffic must mapped 1 of 2 instances (they different applications). more accurate requests except specific pattern need mapped 1 worker , specific pattern (/rpt) needs go other worker. i have 2 workers defined in workers.properties: worker.list=ajp13_1,ajp13_2 worker.ajp13_1.port=8009 worker.ajp13_2.port=8010 and following in uriworkermap.properties: /wxx|/*=ajp13_1 /rpt|/*=ajp13_2 with this, seems fine. except (considerable) number of request not include wxx scope. need map rpt , sub content ajp3_2 , other requests ajp3_1. if add /|*=ajp13_1 then ajp3_2 becomes unreachable , wildchar match maps /rpt/* uri ajp3_1. is there way trying do? appreciate help- have spent time reading same references ...
Read more