Prefer database for session storage #1968

Open
Bodacious opened this issue Oct 24, 2018 · 3 comments

@Bodacious
Contributor

As described in the Rails documentation, it's safer for us to use server-side session storage than browser-side:

> One possibility is to set the expiry time-stamp of the cookie with the session ID. However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer. Here is an example of how to expire sessions in a database table. Call `Session.sweep("20 minutes")` to expire sessions that were used longer than 20 minutes ago.
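The server-side expiry described in the quoted documentation, as an added plain-Ruby example that is not code from this issue, the project, or Rails. It assumes a hypothetical `SessionTable` class with an in-memory hash standing in for the database table, and goes one step beyond the quote by also enforcing an absolute lifetime from creation time.

```ruby
require "securerandom"

# Hypothetical in-memory stand-in for a sessions table (not Rails code).
class SessionTable
  Row = Struct.new(:data, :created_at, :updated_at)

  def initialize(idle_timeout:, absolute_timeout:)
    @rows = {}
    @idle_timeout = idle_timeout          # seconds since last use
    @absolute_timeout = absolute_timeout  # seconds since creation
  end

  # Only this opaque, random ID is sent to the browser as the cookie value.
  def create(data, now: Time.now)
    id = SecureRandom.hex(32)
    @rows[id] = Row.new(data, now, now)
    id
  end

  # Expiry is decided from server-side timestamps; nothing the client
  # sends (cookie expiry attribute, edited values) is consulted.
  def fetch(id, now: Time.now)
    row = @rows[id]
    return nil if row.nil?
    if expired?(row, now)
      @rows.delete(id)
      return nil
    end
    row.updated_at = now
    row.data
  end

  # Periodic cleanup of expired rows; returns the number removed.
  def sweep(now: Time.now)
    before = @rows.size
    @rows.delete_if { |_id, row| expired?(row, now) }
    before - @rows.size
  end

  def size
    @rows.size
  end

  private
  def expired?(row, now)
    now - row.updated_at > @idle_timeout || now - row.created_at > @absolute_timeout
  end
end
```

Because `fetch` re-checks the timestamps on every lookup, a session that has timed out is rejected even if the periodic `sweep` has not yet run.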

@magdalenadrafiova

@briri @xsrust is this still something that we want to consider?

@briri
Contributor

briri commented Jul 7, 2020

Yes, I think this would still be a good idea. We can investigate the recommended approaches for Rails 5.2 or 6. What do you think @xsrust?

@xsrust
Contributor

xsrust commented Jul 8, 2020

Agreed, this sounds like a good idea for a future refactor, but not a priority.
