Rails会话的当前做法 [英] Rails sessions current practices

问题描述

任何人都有Rails和会话的任何最佳实践提示？ Rails 3的默认会话类型仍然是CookieStore，对吧？我使用SqlSessionStore一段时间，它工作得很好，但我可以离开，赞成CookieStore。

Anyone have any "best practices" tips for Rails and sessions? The default session type for Rails 3 is still CookieStore, right? I used SqlSessionStore for a while and it worked well, but I may move away from that in favor of CookieStore.

对于敏感信息使用CookieStore仍然不是一个好主意，即使有盐渍信息或更好地存储在DB中？

Is it still not a good idea to use CookieStore for sensitive info, even with salted info or is that better stored in the DB?

推荐答案

将数据库用于会话，而不是基于Cookie的默认值，不应用于存储高度机密的信息

Use the database for sessions instead of the cookie-based default, which shouldn't be used to store highly confidential information

使用

rake db:sessions:create

运行迁移

rake db:migrate

确保您也让rails使用ActiveRecord管理您的会话。

Make sure you also tell rails to use ActiveRecord to manage your sessions too.

config / initializers / session_store.rb：

config/initializers/session_store.rb:

Rails.application.config.session_store :active_record_store

Rails 2

config / environment.rb：

Rails 2

config/environment.rb:

config.action_controller.session_store = :active_record_store

这篇关于Rails会话的当前做法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！