Here is my code:
if session[:firsttimestart].nil?
else
@firsttime = false
end
if @firsttime == true
initglobals()
end
session[:firsttimestart]=false
The problem is when I turn off the server and come back to the application, the session[:firsttimestart] is still false. It somehow stores this variable in my system without an expiration date so the iniglobals() is not called. I tried to use rake tmp:clear and it didn't work. How can I clear all the sessions that am using in my system each time I restart my server?
无论是 DB 还是 cookie 存储,使用rake tmp:sessions:clear
如果您将会话存储在数据库中,那么
rake db:sessions:clear
In Rails 4, the accepted answer ( rake db:sessions:clear
) no longer works because ActiveRecord::SessionStore was extracted into the active_record-session_store
gem. (See here for further explanation)
You can now either install the active_record-session_store
gem and use rake db:sessions:clear
as in Rails 3, or create a custom Rake task that looks like so:
namespace :db do
namespace :sessions do
desc "Clear ActiveRecord sessions"
task :clear => :environment do
sql = 'TRUNCATE sessions;'
ActiveRecord::Base.connection.execute(sql)
end
end
end
Firstly, nil is not == false, however, nil evaluates to false. Try it yourself if you do not believe:
irb(main):001:0> nil == false
=> false
irb(main):002:0> nil == nil
=> true
Which ofcourse means:
irb(main):003:0> false.nil?
=> false
You can clean up your code in the following manner as it seems like @firsttime is never set to true anywhere.
unless session[:visited]
session[:visited] = true
initglobals
end
Finally, rake tmp:sessions:clear will only work if you are using ActiveRecordStore, if you are using CookieStore (which is the default). Then you will need to clean your cookies, or use reset_session.
I'm using Rails 4 and the following solution worked for me as I do not want to manual run rake db:session:clear
every time I start my application.
Inside /config/initializer/session_store.rb add the following
ActiveRecord::SessionStore::Session.delete_all
This is just the same as the rake command but done at the initializer level.
Best is to change the secret key on the deployment, all cookies will be invalidated
technically, you should be providing one already via an environment variable.
http://guides.rubyonrails.org/security.html#custom-secrets
for the rake task, it looks like the new one is
rails tmp:clear
In Rails 5 if using ActiveRecord:
ActiveRecord::SessionStore::Session.delete_all
or for more granular:
# For example schedule this once a day`
ActiveRecord::SessionStore::Session.where(["updated_at < ?", 2.weeks.ago]).delete_all
At least for sessions stored in cookies , you could just change your session store key:
initializers/session_store.rb:
Rails.application.config.session_store :cookie_store, key: '_my_new_session_key'
According to the Rails API: ...changing your secret_key_base will invalidate all existing sessions
https://api.rubyonrails.org/v5.2.1/classes/ActionDispatch/Session/CookieStore.html
提出替代解决方案:您可以更改secret_key_base
- 如果身份验证是在另一个应用程序中完成的。
rake db:schema:cache:clear
这会在使用 rails API 时清除缓存和所有会话,对于其他数据库任务,请使用:
rake --tasks
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.