If I am handling authentication manually, and am setting session like so:
session[:user_id] = authenticated.user.id
user_id does not show up in my session hash when viewed from another namespace. In this instance I have a namespace :api, and session doesn't show up at api/show/current. How do I set the session hash to be viewed in both namespaces?
The session is completely independent from namespaces, maybe there is something else wrong with your app?
where do you set the user_id?
maybe providing more code helps
Related
I know how to change laravel configuration in order to expire all session variables on close but I want to do this only for one variable and I want all other variables to remain in the browser on close!
I have searched a lot without any chance!
When a user requests a page, is this when a session is started for that user? From what I can tell, a session is started as soon as you make a page request...
If this is the case, when do you create session variables? i.e. username, password, preferences, etc... just any time?
Yes the session scope for the user is setup on the first request. However it depends on your preference as to when you want to set various flags and values. You probably don't want to put password in the session scope though.
What I like to do is put user specific values in a user struct. So on request start I'd check for the variable and setup if it doesn't exist. For example...
<cfif not structkeyexists(session, "user")>
<cfset session.user = {
authorized = false
, admin = false
, username = ''
, accountid = ''
<!--- etc --->
} />
</cfif>
When the user logs in you can then fill in the appropriate values and set session.user.authorized = true
When the user logs out the nice thing about this approach is you can just delete the users struct.
<cfset structdelete(session, "user") />
Then on the next page the check will be made again for the user struct and created if it doesn't exist.
The basics of configuring and using session variables are explained here.
A session is basically a logical relationship between a client and an application, so session variables are available from the client's first request to your application, and the session is typically persisted across requests using cookies which uniquely identify the session, although this can be also done by passing the identifiers in the url. It's worth paying attention to your session timeout settings, for example you may want to provide a shorter timeout to bots/crawlers which don't set cookies and will therefore initiate a new session for each page request (more details on this).
I have a simple web app built using Sinatra, with sessions enabled.
If I am understanding correctly, the session data is stored in an encoded cookie. As the session data changes, the value of the cookie will change also.
I need a unique session identifier that remains constant through the entire session. Is there such an identifier. Or must I create my own unique value and store it in the session myself?
Thanks!
EDIT: In a comment below I thought of a useful comparison. If I had a Java servlet, I would use the JSESSIONID as a unique identifier. I need a Sinatra equivalent to the JSESSIONID.
Because this is one of the first Google results for the subject and it contains no actual examples, here is a simple way to create your own SESSION_ID. We're relying on probability and cryptographically secure randomness to keep our IDs unique.
This is the only thing I put in my cookies. I keep all the other data on the back end to prevent anyone from tampering with it.
require 'sinatra'
require 'securerandom'
# The configuration here is just an example. Use your own secret, etc.
use Rack::Session::Cookie, :key => 'SESSION_ID',
:expire_after => 60*60*24, # == one day
:secret => 'This one time, at band camp...'
before do # Before every request, make sure they get assigned an ID.
session[:id] ||= SecureRandom.uuid
end
get '/' do # Show off your new ID.
"Your ID is #{session[:id]}"
end
In a sinatra app if you print out session.keys, you'll see there is a "session_id" that contains the unique id for the current session. You can access this 64 byte string as session["session_id"].
As the session data changes, the value of the cookie will change also.
This is true only if you're using cookies to store your session data, which is the default session storage used by sinatra. More details at http://rubydoc.info/github/rack/rack/master/Rack/Session.
I need a unique session identifier that remains constant through the entire session. Is there such an identifier. Or must I create my own unique value and store it in the session myself?
You can access sinatra session id using the id instance method on the session instance of Rack::Session::Abstract::SessionHash. More details at http://rubydoc.info/github/rack/rack/master/Rack/Session/Abstract/SessionHash#id-instance_method.
Example:
require 'sinatra'
configure do
enable :sessions
end
get '/' do
session.id
end
From what I can tell JSESSIONID is used to pass the session around in a query string, and Sinatra doesn't have something like that, at least not easily accessible. Sinatra uses Rack for session management, and by default uses a cookie to store all session data. There are other session options in Rack, like memcached, where a unique session id is stored in a cookie, but even there Rack abstracts that away so you don't ever need to see the session id (though it is still accessible, see the documentation).
If you want to go that route then look into messing with the Rack middleware in Sinatra, but if all you need is a unique id, then it would probably be easier to generate one yourself and store it in the session.
I am working on a friend reference function, so I pass the user id through the url like this:
www.example.com?fid=22
I need to set this as a session or cookie with access to all modules in Drupal 6.
If i set the session it returns for the particular module. Setting the cookie is not working at all.
$user->new_property works only on the particular page where it is set, if I move to another page there is no new_property in $user variable object list.
If you want to save a variable in a users session, you can in Drupal (PHP) use the super global varaible $_SESSION.
$_SESSION['fid'] = $_GET['fid'];
The above code is an example of how this could be done.
Since you are getting the info from the URL the user can change it as his whim. So be careful what you use such data for and never trust it blindly. It could become anything, as the user always freely can alter the url any way he want.
I am working on a guess-a-number game with Ruby that will be online. I know I need to pass the SESSION somehow to keep the number that they are guessing, but I have tried a ton of methods with no luck. My code is here.
Any thoughts on what I can do get this code working? I have declared each of my sections.
A session is, usually, a combination of a cookie (session cookie), or some session id tacked onto the url, which has some unique identification of the current "session" and a way to save the data on the server and retrieve it when given the id from the cookie.
So I would set a cookie based on for example ip + Time.now.to_i and then save that ID and the values I want set into a database or a text file on the hard drive. Note that there is probably a lot better ways to create a unique ID but aim for the simple stuff first. :)
I also recommend that you look into CGI::Session which you require with require 'cgi/session'.