Rails 3 additional session configuration options (key, expires_after, secure)
Can someone point out what the new Rails 3.x session configuration options are?
I'm trying to duplicate the same configuration that I have in my Rails 2.3.x application.
This is the configuration that I used in the application:
# environment.rb
config.action_controller.session_store = :active_record_store
config.action_controller.session = {
  :key    => '_something', # non-secure for development
  :secret => 'really long random string'
}
# production.rb - override environment.rb for production
config.action_controller.session = {
  :key          => '_something_secure',
  :secret       => 'really long random string',
  :expire_after => 60*60, # time in seconds
  :secure       => true   # The session will now not be sent or received on HTTP requests.
}
However, in Rails 3.x, I can only find mention of the following:
AppName::Application.config.session_store :active_record_store
AppName::Application.config.secret_token = 'really long random string'
AppName::Application.config.cookie_secret = 'another really long random string'
Are there other config settings to control the key, expire_after time, and secure option?
Regarding the latter, if "config.force_ssl = true" is set in production.rb, I assume the secure option is no longer required?
Thanks very much!
Comments (1)
You now configure the Cookie-based session store through an initializer, probably in config/initializers/session_store.rb. In Rails 3 the session store is a piece of middleware, and the configuration options are passed in with a single call to config.session_store:
You can put any extra options you want in the hash with :key, e.g.
(Those are just the standard defaults)
If you force SSL in production then setting secure on the cookie shouldn't really make a difference in practice, but you might want to set it just to be on the safe side...
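
An added example, not part of the original question or answer: a plain-Ruby sketch (no Rails needed) of how the options asked about (:key, :expire_after, :secure) turn into Set-Cookie attributes, with a small check of a per-environment options hash. The helper names `session_options`, `set_cookie_header` and `audit`, the session id and the timestamp are hypothetical; in a Rails 3 app the same hash follows the store name in the `config.session_store` call.

```ruby
require 'time'

# Hypothetical per-environment options, mirroring the question's Rails 2.3 setup.
# In a Rails 3 initializer this hash follows the store name in config.session_store.
def session_options(env)
  base = { :key => '_something', :path => '/', :httponly => true }
  return base unless env == 'production'
  base.merge(:key => '_something_secure', :expire_after => 60 * 60, :secure => true)
end

# Render the Set-Cookie header these options would produce for a session id.
def set_cookie_header(opts, session_id, now = Time.now)
  parts = ["#{opts[:key]}=#{session_id}", "path=#{opts[:path] || '/'}"]
  parts << "domain=#{opts[:domain]}" if opts[:domain]
  parts << "expires=#{(now + opts[:expire_after]).httpdate}" if opts[:expire_after]
  parts << 'secure' if opts[:secure]      # browser sends the cookie over HTTPS only
  parts << 'HttpOnly' if opts[:httponly]  # cookie is hidden from page JavaScript
  parts.join('; ')
end

# Review an options hash for the settings the question asks about.
def audit(opts)
  findings = []
  findings << ':secure is not set; the cookie may travel over plain HTTP' unless opts[:secure]
  findings << ':expire_after is not set; the cookie has no expiry time' unless opts[:expire_after]
  findings << ':httponly is off; the cookie is readable from JavaScript' unless opts[:httponly]
  findings
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2012, 1, 1, 12, 0, 0) # constructed timestamp
  %w[development production].each do |env|
    opts = session_options(env)
    puts "#{env}: #{set_cookie_header(opts, 'abc123', now)}" # 'abc123' is a constructed id
    audit(opts).each { |finding| puts "  note: #{finding}" }
  end
end
```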