About Rails session stores
Sessions allow you to store objects in memory between requests. This is useful for objects that are not yet ready to be persisted, such as a Signup object constructed in a multi-paged process, or objects that don't change much and are needed all the time, such as a User object for a system that requires login. The session should not be used, however, as a cache for objects where it's likely they could be changed unknowingly. It's usually too much work to keep it all synchronized - something databases already excel at.
Rails has several different methods of storing the session data. They are:
- PStore (default in Rails 1.x)
- CookieStore (default in Rails 2.x)
- ActiveRecordStore
- DRbStore
- FileStore
- MemoryStore
Switching from one type of session store to another
For various reasons, you may find yourself wanting to switch the type of session store you are using. It seems simple enough, just update config.action_controller.session_store in your environment, redeploy and you're done! Right? Well, there's a problem… you'll likely be greated with something like this:
CGI::Session::CookieStore::TamperedWithCookie
[RAILS_ROOT]/vendor/rails/actionpack/lib/action_controller/
session/cookie_store.rb:142:in `unmarshal'
If the user reloads the page the error will correct itself, but greeting all of your users with an error page isn't really the best idea. This can be easily solved by changing your session_key, in your application controller. For example:
session :session_key => '_mysite_new_session_id'
After that, all of your users who were previously logged in will have to re-login, but no one will be greeted with an error.
Post Comments