开发者

Getting unique session ID in Sinatra

I have a simple web app built using Sinatra, with sessions enabled.

If I am understanding correctly, the session data is stored in an encoded cookie. As the session data changes, the value of the cookie will change also.

I need a unique session identifier that remains constant through the entire session. Is there such an 开发者_开发知识库identifier. Or must I create my own unique value and store it in the session myself?

Thanks!

EDIT: In a comment below I thought of a useful comparison. If I had a Java servlet, I would use the JSESSIONID as a unique identifier. I need a Sinatra equivalent to the JSESSIONID.


Because this is one of the first Google results for the subject and it contains no actual examples, here is a simple way to create your own SESSION_ID. We're relying on probability and cryptographically secure randomness to keep our IDs unique.

This is the only thing I put in my cookies. I keep all the other data on the back end to prevent anyone from tampering with it.

require 'sinatra'
require 'securerandom'

# The configuration here is just an example.  Use your own secret, etc.
use Rack::Session::Cookie,  :key => 'SESSION_ID',
                            :expire_after => 60*60*24, # == one day
                            :secret => 'This one time, at band camp...'

before do   # Before every request, make sure they get assigned an ID.
    session[:id] ||= SecureRandom.uuid
end

get '/' do  # Show off your new ID.
    "Your ID is #{session[:id]}"
end


In a sinatra app if you print out session.keys, you'll see there is a "session_id" that contains the unique id for the current session. You can access this 64 byte string as session["session_id"].


As the session data changes, the value of the cookie will change also.

This is true only if you're using cookies to store your session data, which is the default session storage used by sinatra. More details at http://rubydoc.info/github/rack/rack/master/Rack/Session.

I need a unique session identifier that remains constant through the entire session. Is there such an identifier. Or must I create my own unique value and store it in the session myself?

You can access sinatra session id using the id instance method on the session instance of Rack::Session::Abstract::SessionHash. More details at http://rubydoc.info/github/rack/rack/master/Rack/Session/Abstract/SessionHash#id-instance_method.

Example:

require 'sinatra'

configure do
  enable :sessions
end

get '/' do
  session.id
end


From what I can tell JSESSIONID is used to pass the session around in a query string, and Sinatra doesn't have something like that, at least not easily accessible. Sinatra uses Rack for session management, and by default uses a cookie to store all session data. There are other session options in Rack, like memcached, where a unique session id is stored in a cookie, but even there Rack abstracts that away so you don't ever need to see the session id (though it is still accessible, see the documentation).

If you want to go that route then look into messing with the Rack middleware in Sinatra, but if all you need is a unique id, then it would probably be easier to generate one yourself and store it in the session.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜