On Sunday, August 24, 2014 5:33:00 PM UTC+1, Ruby-Forum.com User wrote: > > Colin Law wrote in post #1155762: > > 4. When someone logs out, I clear the value and call reset_session. > Again I see the sql record has the "data" variable with changed value. > > session[:user_id] = nil > reset_session > > Hence the problem is: > 1. Can't I ensure a session record is created only when I want - After > the user logs in ? > 2. If not, Can I differentiate a authenticated session vs > unauthenticated sessions (sessions where the login page was just loaded > OR sessions where the user logged out) ? > > A row gets set in the sessions table (or whatever session store you use) whenever something is assigned to the session. In particular, pretty much any time you display a form (or call csrf_meta_tag) rails saves the value of the csrf token to the session. This is probably why you're seeing sessions created on displaying the login page.
You can't by default differentiate between authenticated sessions and non authenticated sessions: rails' session support is unaware of what authenticated means to you. You could probably do this with a custom session store - a session store implementation has access to the rack env hash, so your app code could set values in there that the session store could save. The active record store implementation that was extracted from rails (https://github.com/rails/activerecord-session_store) would probably be a good place to start Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/c9478d8c-2425-4803-a291-537de066de13%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
