Rails ActiveRecord 会话
我正在使用 ActiveRecord 会话存储,并且有一些关于使用该存储的问题。
我可以轻松创建一个直接访问任何会话的模型(从控制台,而不是作为控制器或任何东西):
class Session < ActiveRecord::Base
end
然后我可以访问和解码会话的内容,例如
Marshal.load(ActiveSupport::Base64.decode64(Session.first)
但我很好奇为什么我似乎找不到还有很多人在做这种事情吗?至少,我至少希望有一份删除过期会话的工作,这样会话表就不会不断增长。我还在会话中存储了几个对应用程序逻辑很重要的字段。可以想象,我可能在某个时候想要使用基于解码会话数据的逻辑来执行一些维护任务。这种存储方式是设计禁忌吗?
我希望在管理生产 Rails 应用程序方面有更多经验的人可以尝试解决某些或这些问题,或者至少分享他们如何使用会话。
谢谢。
编辑:我刚刚意识到会话数据存储是 Base64 编码的,并且没有以任何方式加密。
I'm using ActiveRecord Session Store and I have a few questions regarding using this store.
I can easily create a model for accessing any session directly (from the console, not as a controller or anything):
class Session < ActiveRecord::Base
end
I can then access and decode the contents of sessions, for example
Marshal.load(ActiveSupport::Base64.decode64(Session.first)
But I'm curious why I can't seem to find many other people doing this sort of thing? At the very least, I would at least want to have a job to delete expired sessions, so the sessions table doesn't grow and grow. I also store several fields in sessions which are important to the application logic. It is conceivable that I might at some point want to perform some maintenance task with logic based on decoded session data. Is this sort of storage a design taboo?
I'm hoping that someone who has more experience managing a production rails application could take a stab at some or these questions, or at least share how they are using sessions.
Thanks.
edit: I just realized that the session data store is Base64 encoded, and not encrypted in any way.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不建议在 cookie 中存储数据。查看 ActiveRecord 存储中的会话。它在用户的 cookie 中存储一个键,该键引用回数据库中的记录。
I wouldn't recommend storing data in the cookie. Look at ActiveRecord store for sessions. It stores a key in the user's cookie that references back to a record in the db.