如何防止 Rails 创建会话? [英] How do I prevent Rails from creating a session?

问题描述

我有一个 Rails 应用程序，我使用 activerecord-session_store 将会话存储在数据库中.我想阻止为未登录的用户创建会话，因为现在每个访问网站首页的爬虫都会获得一个持续存在于数据库中的会话.

I've got a Rails app for which I'm storing sessions in the database using activerecord-session_store. I want to prevent the creation of sessions for users that aren't logged in, because right now every crawler that hits the front page of the site gets a session that persists in the DB.

我的应用使用 Rails 4.2.0、activerecord-session_store 0.1.1 和 Devise 3.5.2.

My app uses Rails 4.2.0, activerecord-session_store 0.1.1, and Devise 3.5.2.

推荐答案

在 Rails 5.2.0 中使用:

In Rails 5.2.0 use:

request.session_options[:skip] = true

在提交登录或注册表单时可能会导致 ActionController::InvalidAuthenticityToken 错误.在 protect_from_forgery 中验证真实性令牌似乎依赖于会话.快速修复:在控制器中禁用(例如 SessionsController):

May result in ActionController::InvalidAuthenticityToken error when submitting sign in or sign up forms. Validating authenticity tokens in protect_from_forgery seems to rely on the session. Quickfix: Disable in controller (eg. SessionsController):

skip_before_action :verify_authenticity_token, only: [:create]

为了退出工作:

skip_after_action :skip_session, only: [:destroy]

这篇关于如何防止 Rails 创建会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！