Redmine https://www.redmine.org/ 2009-01-30T17:51:08Z
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=7014 2009-01-30T17:51:08Z Jean-Philippe Lang jp_lang@yahoo.fr
<ul></ul><p>Setting cookie store by default is not so trivial since it requires a secret.<br />I never took the time to automate the process of generating a key at the first application start.</p>
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=7078 2009-02-02T23:54:22Z Eric Davis
<ul></ul><p>Mephisto has a rake task to automatically create one. It's MIT licensed so we should be able to just use it:</p>
<p><a class="external" href="http://github.com/emk/mephisto/blob/1473acf8307ec21d2002acab94691841d8003580/lib/tasks/session_store.rake">http://github.com/emk/mephisto/blob/1473acf8307ec21d2002acab94691841d8003580/lib/tasks/session_store.rake</a></p>
<pre><code class="ruby syntaxhl">file 'config/initializers/session_store.rb' do
  path = File.join(RAILS_ROOT, 'config', 'initializers', 'session_store.rb')
  File.open(path, 'w') do |f|
    f.write <<"EOD"
# This file was generated by 'rake config/initializers/session_store.rb',
# and should not be made visible to public. Do not check it into github!
# If you have a load-balancing Mephisto cluster, you will need to use the
# same version of this file on each machine. And be sure to restart your
# server when you modify this file.
# Your secret key for verifying cookie session data integrity. If you
# change this key, all old sessions will become invalid! Make sure the
# secret is at least 30 characters and all random, no regular words or
# you'll be exposed to dictionary attacks.
ActionController::Base.session = {
  :session_key => '_mephisto_session_2',
  :secret => '#{ActiveSupport::SecureRandom.hex(40)}'
}
EOD
  end
end
</code></pre>
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=7469 2009-02-20T09:19:27Z Javier Barroso
<ul></ul><p>Hi,</p>
<p>Is it sure remove + 2 days old session files ?</p>
<pre><code>df -i
/dev/sda4 294912 240644 54268 82% /opt</code></pre>
<p>I have 179585 session files from 28 - 1 - 2009</p>
<p>Can I setup config/initializers/session_store.rb only adding it, is it necessary any step more ?</p>
<p>Thank you</p>
<p>Sorry for my English</p>
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=7495 2009-02-20T22:09:45Z Eric Davis
<ul></ul><p>Javier Barroso wrote:</p>
<blockquote>
<p>Is it sure remove + 2 days old session files ?</p>
</blockquote>
<p>Yes, I have a crontab to remove sessions that are older than 10 hours.</p>
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=7534 2009-02-21T19:05:11Z Jean-Philippe Lang jp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Target version</strong> set to <i>0.9.0</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>As of today, current trunk runs with Rails 2.2 and uses cookie store by default.<br />A rake task that generates a secret was added. Just run it once:</p>
<pre><code>rake config/initializers/session_store.rb</code></pre>
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=7827 2009-03-05T15:32:38Z Javier Barroso
<ul></ul><p>Thanks Eric (and Jean),</p>
<p>I was thinking it was a problem from a plugin, see my report at:<br /><a class="external" href="http://sourceforge.net/tracker/index.php?func=detail&aid=2636633&group_id=228995&atid=1075435">http://sourceforge.net/tracker/index.php?func=detail&aid=2636633&group_id=228995&atid=1075435</a></p>
Redmine - Feature #2628: Set session store to cookie store by default https://www.redmine.org/issues/2628?journal_id=13378 2009-12-30T00:45:45Z Eric Davis
<ul></ul><p>I just added a second rake task to generate the session_store.rb (it's an alias). There's been a lot of problems with <code>rake config/initializers/session_store.rb</code>, many people think that the session_store.rb file needs to exist before the command can be run.</p>
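Added example, not part of the thread and not Redmine's, Mephisto's or Rails' code: a simplified model of what the generated secret is for, covering one-time secret creation (never overwriting an existing file) and an HMAC-signed session cookie that is rejected when altered. The file name `session_secret`, the function names and the JSON/SHA-256 cookie layout are assumptions made for this illustration.

```ruby
require 'openssl'
require 'securerandom'
require 'json'
require 'tmpdir'

MIN_SECRET_LENGTH = 30 # minimum length asked for in the generated file's comment
# Create the secret only when the file is absent, so re-running never rotates
# the key (a changed key invalidates every existing session).
def ensure_secret(path)
  unless File.exist?(path)
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(SecureRandom.hex(40)) # 80 hex characters, as in the quoted task
    end
  end
  secret = File.read(path).strip
  raise ArgumentError, 'session secret too short' if secret.length < MIN_SECRET_LENGTH
  secret
end

def hmac(secret, payload)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, payload)
end

# Compare every byte so timing does not reveal how much of a digest matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def sign_session(data, secret)
  payload = [JSON.generate(data)].pack('m0') # base64, no newlines
  "#{payload}--#{hmac(secret, payload)}"
end

# Returns the session hash, or nil if the cookie was altered or was signed
# with a different secret. The payload is parsed only after the check passes.
def verify_session(cookie, secret)
  payload, digest = cookie.to_s.split('--', 2)
  return nil unless payload && digest && secure_equal?(digest, hmac(secret, payload))
  JSON.parse(payload.unpack1('m0'))
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir| # constructed scratch location, not a Redmine path
    secret = ensure_secret(File.join(dir, 'session_secret'))
    cookie = sign_session({ 'user_id' => 42 }, secret)
    p verify_session(cookie, secret), verify_session(cookie.sub(/\A./, 'A'), secret)
  end
end
```

In this model the cookie is signed, not encrypted: the client can read the payload but cannot change it without the secret.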