How would I clear all rails sessions?
Question
Here is my code:
if session[:firsttimestart].nil?
else
@firsttime = false
end
if @firsttime == true
initglobals()
end
session[:firsttimestart]=false
The problem is when I turn off the server and come back to the application, the session[:firsttimestart] is still false. It somehow stores this variable in my system without an expiration date so the iniglobals() is not called. I tried to use rake tmp:clear and it didn't work. How can I clear all the sessions that am using in my system each time I restart my server?
10 answers
solution1
50 2012-07-10 22:25:05
无论是 DB 还是 cookie 存储,使用rake tmp:sessions:clear
solution2
28 ACCPTED 2010-06-19 09:07:08
如果您将会话存储在数据库中,那么
rake db:sessions:clear
solution3
6 2014-07-03 15:07:55
In Rails 4, the accepted answer ( rake db:sessions:clear ) no longer works because ActiveRecord::SessionStore was extracted into the active_record-session_store gem. (See here for further explanation)
You can now either install the active_record-session_store gem and use rake db:sessions:clear as in Rails 3, or create a custom Rake task that looks like so:
namespace :db do
namespace :sessions do
desc "Clear ActiveRecord sessions"
task :clear => :environment do
sql = 'TRUNCATE sessions;'
ActiveRecord::Base.connection.execute(sql)
end
end
end
solution4
4 2010-06-19 14:42:26
Firstly, nil is not == false, however, nil evaluates to false. Try it yourself if you do not believe:
irb(main):001:0> nil == false
=> false
irb(main):002:0> nil == nil
=> true
Which ofcourse means:
irb(main):003:0> false.nil?
=> false
You can clean up your code in the following manner as it seems like @firsttime is never set to true anywhere.
unless session[:visited]
session[:visited] = true
initglobals
end
Finally, rake tmp:sessions:clear will only work if you are using ActiveRecordStore, if you are using CookieStore (which is the default). Then you will need to clean your cookies, or use reset_session.
solution5
2 2016-03-02 16:37:17
I'm using Rails 4 and the following solution worked for me as I do not want to manual run rake db:session:clear every time I start my application.
Inside /config/initializer/session_store.rb add the following
ActiveRecord::SessionStore::Session.delete_all
This is just the same as the rake command but done at the initializer level.
solution6
2 2016-10-17 17:03:51
Best is to change the secret key on the deployment, all cookies will be invalidated
technically, you should be providing one already via an environment variable.
http://guides.rubyonrails.org/security.html#custom-secrets
for the rake task, it looks like the new one is
rails tmp:clear
solution7
2 2017-12-08 18:11:54
In Rails 5 if using ActiveRecord:
ActiveRecord::SessionStore::Session.delete_all
or for more granular:
# For example schedule this once a day`
ActiveRecord::SessionStore::Session.where(["updated_at < ?", 2.weeks.ago]).delete_all
solution8
1 2019-10-01 19:30:07
At least for sessions stored in cookies , you could just change your session store key:
initializers/session_store.rb:
Rails.application.config.session_store :cookie_store, key: '_my_new_session_key'
According to the Rails API: ...changing your secret_key_base will invalidate all existing sessions
https://api.rubyonrails.org/v5.2.1/classes/ActionDispatch/Session/CookieStore.html
solution9
0 2018-09-27 08:37:02
提出替代解决方案:您可以更改secret_key_base - 如果身份验证是在另一个应用程序中完成的。
solution10
0 2020-03-21 21:13:43
rake db:schema:cache:clear
这会在使用 rails API 时清除缓存和所有会话,对于其他数据库任务,请使用:
rake --tasks
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.