There's absolutely no reason that I can think of for you to store
sessions in the database. As was stated previously, you shouldn't store
any personal data in the session. Don't be afraid to use cookies! When
implemented properly, you should have nothing to fear.
Here's an example you can do with your session_store.rb file. I even
added a gist so you can see the formatting better.
/config/session_store.rb
Yourapp::Application.config.session_store :cookie_store
Yourapp::Application.config.session = {
  :key          => '_yourapp_session',      # name of cookie that stores the data
  :domain       => nil,                     # you can share between subdomains here: '.subdomain.com'
  :expire_after => 1.month,                 # expire cookie
  :secure       => false,                   # for https it's true
  :httponly     => true,                    # a measure against XSS attacks, prevent client side scripts from accessing the cookie
  :secret       => 'YOUR SECRET GOES HERE'  # RUN RAKE SECRET to generate secret
}
You can read it better by going to this gist:
https://gist.github.com/993390
Hope that helps.
--
Posted via http://www.ruby-forum.com/.
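Added example, not part of the original post and not Rails' own code: a simplified Ruby model of a signed but unencrypted session cookie. It shows what the `:secret` protects (integrity) and what it does not (confidentiality), which is why personal data stays out of the session. The module name, the JSON serialization and the sample secret are assumptions made for this demo.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Simplified model of a signed (not encrypted) session cookie:
#   base64(payload) + "--" + HMAC-SHA1 hex digest of that base64 string
# JSON stands in for the framework's serializer (assumption for this demo).
module SignedCookieDemo
  module_function

  def digest(secret, data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  end

  # Server side: serialize the session hash and append its signature.
  def generate(session, secret)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{digest(secret, data)}"
  end

  # Server side: return the session hash, or nil if the cookie is malformed
  # or its signature does not match the secret.
  def verify(cookie, secret)
    data, sig = cookie.to_s.split('--', 2)
    return nil if data.nil? || sig.nil?
    return nil unless secure_compare(sig, digest(secret, data))
    JSON.parse(Base64.strict_decode64(data))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Constant-time comparison, so timing does not reveal how much matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # What any holder of the cookie can do without the secret: read it.
  def peek(cookie)
    JSON.parse(Base64.strict_decode64(cookie.split('--', 2).first))
  end
end

SECRET = 'constructed-demo-secret-not-for-real-use' # constructed sample value
cookie = SignedCookieDemo.generate({ 'user_id' => 42 }, SECRET)
puts SignedCookieDemo.peek(cookie).inspect           # contents readable without the secret
# Tampered cookie: new payload, old signature (constructed sample).
forged_data = Base64.strict_encode64(JSON.generate({ 'user_id' => 1 }))
forged = "#{forged_data}--#{cookie.split('--', 2).last}"
puts SignedCookieDemo.verify(forged, SECRET).inspect # rejected: signature mismatch
```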