a session store that helps to mitigate race conditions
Pull request Compare This branch is 45 commits behind fcheung:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


== SmartSessionStore

A session store that avoids the pitfalls usually associated with concurrent access to the session (see http://www.texperts.com/2007/05/01/race-conditions-in-rails-sessions-and-how-to-fix-them/)

Derived from SqlSessionStore, see http://railsexpress.de/blog/articles/2005/12/19/roll-your-own-sql-session-store

== Step 1

Generate your sessions table using rake db:sessions:create

== Step 2

Add the code below in an initializer
  ActionController::Base.session_store = :smart_session_store

Finally, depending on your database type, add

    SmartSessionStore.session_class = MysqlSession

    SmartSessionStore.session_class = PostgresqlSession
    SmartSessionStore.session_class = SqliteSession

after the initializer section in environment.rb

== Step 3

If you are running Rails 2.3 or later you need to tell Rails that your session store uses the database. If you don't then your app will use up all the connections in its connection pool and many requests will suffer from a 5 second delay. The Rails initializer special cases the ActiveRecordStore session store (in initialize_database_middleware). You can either change references there to SmartSessionStore or you can put

ActionController::Dispatcher.middleware.delete "ActiveRecord::ConnectionAdapters::ConnectionManagement"
ActionController::Dispatcher.middleware.delete "ActiveRecord::QueryCache"
ActionController::Dispatcher.middleware.insert_before :"SmartSessionStore", ActiveRecord::ConnectionAdapters::ConnectionManagement
ActionController::Dispatcher.middleware.insert_before :"SmartSessionStore", ActiveRecord::QueryCache

at the bottom of environment.rb

== Step 4 (optional)

If you want to use a database separate from your default one to store
your sessions, specify a configuration in your database.yml file (say
sessions), and establish the connection on SqlSession in

   SqlSession.establish_connection :sessions

== Testing

To run tests with a certain database, set the DATABASE attribute.
You may need to configure the database.yml or your database server.

For example:

   rake test    # defaults to mysql
   rake test DATABASE=postgresql

== Performance Implications

There's no such thing as a free lunch. Whenever you make changes to the session you'll incur a small extra hit: we lock the current session row, we reload it to determine if there is updated data and we merge the changes before doing the actual save. On the flipside, we only save the session at all if changes have been made.

== Optimistic locking

You can enable optimistic locking by adding an integer column called lock_version to your sessions table. It should have a default value of 0. The optimistic locking feature is identical in concept to optimistic locking within Rails and saves a database query in those cases where there is no need to merge changes, which is usually the most common case.


1. You will need the binary drivers for Mysql or Postgresql.
   These have been verified to work:

   * ruby-postgres ( with PostgreSQL 8.1
   * postgres ( with PostgreSQL 8.3
   * pg ( with PostgreSQL 8.3
   * ruby-mysql 2.7.1 with Mysql 4.1
   * ruby-mysql 2.7.2 with Mysql 5.0

2. Tests have been done with SqlLiteSession, SqlSession, PostgresqlSession
   and MysqlSession. Feedback would be very much appreciated.