购物车与Devise - session_id登录后更改

Question

I try to implement a shopping cart. I store session_id in a database, and related products which are on a shopping cart. After signing in I would like to have the same session and be able to connects these products with user by accessing session_id. But session_id seem to be different after logging in. How can I prevent from this behaviour (I believe Warden do this), or if it's wrong, how should I implement it? Here is some of my code:

This is in application_controller in a before filter

 def create_session session_id = request.session_options[:id] if session_id session = Session.find_or_create_by_session_id(session_id) if session.user_id && !user_signed_in? session.update_attribute(:user_id, nil) end end end 

And this is in before filter after authentication

 def update_user_session session_id = request.session_options[:id] user_id = user_signed_in? ? current_user.id : nil session = Session.find_by_session_id(session_id) if (session && session.user_id.nil?) Session.delete_all(user_id: user_id) session.update_attribute(:user_id, user_id) end end 

Answer 1

The session id needs to change after every log in. It is for security reasons. If you study more about sessions, you'll realise that you should not store transient data in a session. If you need to store some products for a particular session, why not store it corresponding to that user id instead of corresponding to a session id. If you have a cart before a user has signed in but want it to be available to the user after the user logs in, you should store the cart first in the browser local database and then transfer the results to your server after the user logs in. I hope it answers your question. Feel free to ask further questions.