Rails with ActiveRecord sessions and re-authentication: when is the session table written?
Warning: some of them can be very wrong, so please let me know if my assumptions are wrong.
Here's what I'm trying to accomplish:
I am using restful-authentication to login. However, since I am using flex / ruby_amf for my UI, I have to authenticate each connection from flex separately.
The way I decided to do this is to redirect the login screen to the embedded flash page by inserting the session id as flashvar. The Flash application sends a session ID with every request, and the filter checks before all relevant controllers if the user associated with the session identified by the session ID is logged in.
The way I bind the user to the session is to add the "user_id" column to the sessions table, and executing the "user_id queryset ..." SQL queries invokes the query from the login function.
However, the user_id is only updated the second time the user logs in. A little research showed that the entry in the session table does not yet exist at the time of the login function.
So, if everything up to this point makes sense and follows best practices, etc., then my question is:
At what point in time is a record created in the session table? Is there a way to update the session object in the login function and have rails to write the user_id to the database for me?
The behavior of the sessions on the rails is a real mystery to me. I would appreciate any help.
Thanks.
a source to share
In Rails 2.3, the session persists after the Rack application has finished processing. In traditional Rails applications, this will be after the request has been fully processed: before filters, controller action, render rendering, and filters. Take a look actionpack/lib/action_dispatch/vendor/rack-1.1.pre/rack/session/abstract/id.rb
.
If you think about it, it makes sense. Writing a session to its storage every time you put something into a session will incur additional additional overhead.
This is Rails, so if you want to deal with it enough, of course you can the monkeys take care of how to record the session whenever you want. I do not recommend it. As a result, you will have to constantly recycle your code as Rails evolves.
You are correct that for ActiveRecord :: SessionStore, one line displays one session. Column data
is the encoded form of every object that you put into the session. Each time a request comes in, Rails must recreate the session as it existed, creating new instances of all objects previously stored in it.
a source to share