Rails: Advantages of storing session in database?
I'm just wondering: why store the session in the database? Is there any advantage to storing the session in the database?
The advantage to the database or memcached is that session data cannot be tampered with on the client side and that you can store a larger amount of data than you would with cookies (4kB).
If your session is stored in cookies or the database and the web service is restarted then the session data is not lost. It may only be lost if it is stored in memcached.
If the server is load balanced then the session data is passed to the web server that is serving the request, so this is not an issue with cookies, database, or memcached sessions.
The advantage of cookies over memcached or the database is that the client stores the session data, so the server is not responsible for it.
Keep in mind that either way cookies will be passed to and from the client because a session reference still needs to be maintained.
The two reasons I can think of are that:
1) If the web service is restarted, the session data is not lost
2) In a load balanced environment, the session data is stored in a central location, meaning any server can serve the request and have access to the session data.
There are at least three reasons I can think of. If you save the session in the DB you can:
- access it easily on any Rails instance you execute. So if you have more than one machine, you don't have to worry about distributing the session data.
- You don't have the 4kB session limit that only applies when using the cookie session store. Although you are not supposed to use the session to store objects, you may need that functionality some day.
- When using an RDBMS (and not Memcached, or any other non-persisted storage) you don't have to worry about losing session data.
One less obvious and small advantage to having the sessions in the database is that if you need to count current sessions and see the names of other logged-in users, it is easier to implement than if you were using only cookies or memcached to store session data.
Another advantage is to handle session expiry on the server side as described in section 2.9:
http://guides.rubyonrails.org/security.html
"However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer."
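    class Session < ActiveRecord::Base
      # Delete sessions idle for longer than `time`, or older than 2 days.
      def self.sweep(time = 1.hour)
        if time.is_a?(String)
          # "20 minutes" becomes 20.minutes by calling the unit as a method on
          # the count, so only pass trusted strings here, never request input.
          time = time.split.inject { |count, unit| count.to_i.send(unit) }
        end
        # Bound parameters instead of interpolating timestamps into the SQL.
        where("updated_at < ? OR created_at < ?", time.ago, 2.days.ago).delete_all
      end
    end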
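The server-side expiry rule from the answer above, as an added example that is not part of the original thread: the cookie carries only a random ID, and the server decides when the session is dead using the same idle and absolute limits as `sweep`. The `ServerSessionStore` class, its method names and the in-memory hash standing in for the sessions table are all assumptions made for illustration.

```ruby
require "securerandom"

# Hypothetical stand-in for the sessions table: the cookie holds only the ID.
class ServerSessionStore
  Record = Struct.new(:data, :created_at, :updated_at)
  IDLE_LIMIT     = 60 * 60           # 1 hour, sweep's default
  ABSOLUTE_LIMIT = 2 * 24 * 60 * 60  # 2 days, sweep's created_at bound

  def initialize(clock: -> { Time.now })
    @clock = clock # injectable so expiry can be exercised without waiting
    @rows  = {}
  end

  # Create a session; the return value is the opaque ID for the cookie.
  def create(data = {})
    sid = SecureRandom.hex(16)
    now = @clock.call
    @rows[sid] = Record.new(data, now, now)
    sid
  end

  # Return the data, or nil if the ID is unknown or expired (checked on every load).
  def load(sid)
    row = @rows[sid]
    if row.nil? || expired?(row)
      @rows.delete(sid)
      return nil
    end
    row.updated_at = @clock.call # activity resets only the idle timer
    row.data
  end

  # Same rule as Session.sweep; returns the number of rows removed.
  def sweep
    before = @rows.size
    @rows.delete_if { |_sid, row| expired?(row) }
    before - @rows.size
  end

  # Live sessions can be counted because the server holds them all.
  def active_count
    @rows.count { |_sid, row| !expired?(row) }
  end

  private def expired?(row)
    now = @clock.call
    now - row.updated_at > IDLE_LIMIT || now - row.created_at > ABSOLUTE_LIMIT
  end
end
```

Because `created_at` is never refreshed, a session that stays active is still rejected once it passes the 2-day bound, whatever cookie the client keeps sending.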