Rails 会议当前的实践 [英] Rails sessions current practices
问题描述
有人对 Rails 和会话有任何最佳实践"提示吗?Rails 3 的默认会话类型仍然是 CookieStore,对吗?我使用了 SqlSessionStore 一段时间,它运行良好,但我可能会放弃使用 CookieStore.
Anyone have any "best practices" tips for Rails and sessions? The default session type for Rails 3 is still CookieStore, right? I used SqlSessionStore for a while and it worked well, but I may move away from that in favor of CookieStore.
将 CookieStore 用于敏感信息是否仍然不是一个好主意,即使是加盐信息,还是更好地存储在数据库中?
Is it still not a good idea to use CookieStore for sensitive info, even with salted info or is that better stored in the DB?
推荐答案
将数据库用于会话,而不是基于 cookie 的默认设置,后者不应用于存储高度机密的信息
Use the database for sessions instead of the cookie-based default, which shouldn't be used to store highly confidential information
用
rake db:sessions:create
运行迁移
rake db:migrate
确保你也告诉 Rails 使用 ActiveRecord 来管理你的会话.
Make sure you also tell rails to use ActiveRecord to manage your sessions too.
config/initializers/session_store.rb:
config/initializers/session_store.rb:
Rails.application.config.session_store :active_record_store
轨道 2
config/environment.rb:
Rails 2
config/environment.rb:
config.action_controller.session_store = :active_record_store
这篇关于Rails 会议当前的实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!