How force that session is loaded?

2019-01-11 18:59发布

站内问答 / 移动开发
1729 4 6

I'm working on an application that needs to use session id information. My session is stored in cookies. The problem I have is that my session is not immediately available to the controller when a user comes to the site for the first time. I think I may be missing something about how sessions are initialized in Rails. But I'm positve about the fact that the session is not loaded because this is the output of session.inspect:

#<Rack::Session::Abstract::SessionHash:0x15cb970 not yet loaded>

Here is how to reproduce the problem with Rails 3.2.11 and ruby 1.9.3:

Create a new application with a test controller:

rails new my_app
cd my_app/
rails g controller test
rm app/assets/javascripts/test.js.coffee
touch app/views/test/index.html.erb

Try to get the session id in that controller:

class TestController < ApplicationController
  def index
    puts session[:session_id]
    puts session.inspect
  end
end

Add the needed routes:

MyApp::Application.routes.draw do
  resources :test
end

Then access the application and see what it does:

rails server

got to: http://localhost:3000/test

That is the output in the console:

#<Rack::Session::Abstract::SessionHash:0x3fd10f50eea0 not yet loaded>

Then again http://localhost:3000/test and this time we have a session:

400706c0b3d95a5a1e56521e455075ac
{"session_id"=>"400706c0b3d95a5a1e56521e455075ac", "_csrf_token"=>"Euaign8Ptpj/o/8/ucBFMgxGtiH7goKxkxeGctumyGQ="}

4条回答
Lonely孤独者°
2楼-- · 2019-01-11 19:40

I found a way to force initialization of the session. Accessing the session apparently does not force initialization but writing into the session does. What I do in my controller is this now:

class MyController < ApplicationController
  protect_from_forgery
  def index
    session["init"] = true
    do_stuff
  end
end

Still I'm not sure if this should be considered normal behavior in Rails. It doesn't look right to me having to write into the session to force initialization. Reading should be enough.

查看更多
0人赞 添加讨论(0) 举报
forever°为你锁心
3楼-- · 2019-01-11 19:49

Here's some relevant code from ActionDispatch::Session:

 def [](key)
    load_for_read!
    @delegate[key.to_s]
  end

  private

  def load_for_read!
    load! if !loaded? && exists?
  end

Which implies that the session object will be loaded as soon as you access any value by its key via [].

查看更多
0人赞 添加讨论(0) 举报
再贱就再见
4楼-- · 2019-01-11 19:58

I agree with @joscas answer but instead of writing a value, I'd delete it as to not have redundant data.

class MyController < ApplicationController
  protect_from_forgery
  def index
    session.delete 'init'
    do_stuff
  end
end

The session is loaded this way too.

Note: Make sure you don't use the key to be deleted in your application.

查看更多
0人赞 添加讨论(0) 举报
一纸荒年 Trace。
5楼-- · 2019-01-11 19:58

I don't really understand your question. If you require a user to register or sign in before being able to access the site there should be no problem. When creating a user his information is immediately stored in a cookie. For example:

User controller: (registering is done through users#new)

def create
   @user = User.new(params[:user])
   if @user.save
     cookies.permanent[:remember_token] = user.remember_token
     redirect_to root_path, notice: "Thank you for registering!"
   else
     render :new
   end
 end

Sessions controller: (signing in is done through sessions#new)

 def create
  user = User.find_by_email(params[:session][:email].downcase)

  if user && user.authenticate(params[:session][:password])
    cookies.permanent[:remember_token] = user.remember_token
    redirect_to root_path, notice: "Logged in."
  else
    flash.now.alert = "Email or password is incorrect."
    render :new
 end
end
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)