简体繁体 English

是否可以“及时”创建Rails会话？

[英]Is it possible for Rails sessions to be created 'just in time'?

原文 2010-11-09 12:08:02 6 2 ruby-on-rails/ caching/ session/ cookies/ varnish

My understanding of the session lifecycle in Ruby on Rails (specifically v3 and upwards) is that a session is created at the start of a request, for each and every request, and if that request doesn't carry an existing session cookie a new one will be created, otherwise the session cookie is deserialized and stored in the session hash. 我对Ruby on Rails中会话生命周期的理解（特别是v3及更高版本）是在请求开始时为每个请求创建会话，如果该请求没有携带现有会话cookie，则会创建新会话cookie。将创建，否则会话cookie被反序列化并存储在会话哈希中。

The purpose of this, of course, supports a number of security features such as CSRF etc. 当然，这样做的目的是支持许多安全功能，例如CSRF等。

However, this poses a bit of an issue when it comes to caching of pages in a site with HTTP cache services and proxies such as Varnish, as most of the configurations tend to strip out these (generally all) cookies on both the request and response end (as the cache is usually intended for a generalized audience). 但是，当涉及到使用HTTP缓存服务和代理（如Varnish）的站点中的页面缓存时，这会带来一些问题，因为大多数配置往往会在请求和响应上删除这些（通常是所有）cookie。结束（因为缓存通常用于广义受众）。

I know that it is possible to setup Varnish etc to create the object hash with the cookie details included, and this would scope the cached data to that session (and therefor that user), however I am wondering if this is completely necessary. 我知道可以设置Varnish等来创建包含cookie详细信息的对象哈希，这会将缓存的数据范围限定到该会话（以及那个用户），但是我想知道这是否完全必要。

I have an application which is fairly 'static' in nature - content is pulled from a database, rendered into a page which can then be cached - there are a few elements (such as comment count, 'recent' items etc) which can be added in with an ESI, but for every request Rails still tends to want to setup a new session, and when a user already has a session this stuff is stripped out by the cache server. 我有一个相当“静态”的应用程序 - 内容从数据库中提取，呈现为一个可以缓存的页面 - 有一些元素（例如评论计数，'最近'项目等）可以是添加了一个ESI，但是对于每个请求，Rails仍然倾向于设置一个新会话，并且当用户已经有一个会话时，这个东西被缓存服务器剥离。

I am wondering if it might be possible (via pre-existing functionality, or building the functionality myself) to allow the developer to control when a session is required, and only when that is specified is the back-and-forwards with cookies, session initialization/deserialization etc necessary. 我想知道是否可能（通过预先存在的功能，或者自己构建功能）允许开发人员控制何时需要会话，并且只有在指定的是带有cookie，会话的前后转发时必要的初始化/反序列化等。

That, or I am thinking about this problem the wrong way and need to address the issue from another angle... 那，或者我正在以错误的方式思考这个问题，需要从另一个角度来解决这个问题......

2 个解决方案

From what I know rails sessions can be controlled fairly in-depth via ActionController::SessionManagement 据我所知，通过ActionController :: SessionManagement可以相当深入地控制rails会话

http://ap.rubyonrails.org/classes/ActionController/SessionManagement/ClassMethods.html#M000070 http://ap.rubyonrails.org/classes/ActionController/SessionManagement/ClassMethods.html#M000070

There are examples in the API docs of disabling it per action, per controller, etc. API文档中有一些示例，即每个操作，每个控制器等禁用它。

If your site is mostly static then you may want to use full page caching. 如果您的网站主要是静态的，那么您可能希望使用整页缓存。 This takes Rails out of the request entirely and let's the web server deal with it once the content has been generated. 这将Rails完全取出请求，让内容生成后让Web服务器处理它。 Might cause some serious headaches depending on your exact needs as far as the comment counts and user-specifics though. 根据您的确切需求，可能会引起一些严重的麻烦，尽管评论计数和用户细节。