gpt4 book ai didi

ruby-on-rails - 设计 Rails session ID

转载 作者:太空宇宙 更新时间:2023-11-03 16:27:44 24 4
gpt4 key购买 nike

事实证明,在使用 Devise(身份验证 gem)(在 session_controller 中)登录后获取 session ID(使用 session[:session_id]) after_sign_in_path_for) 在登录后第一次重定向前后不返回相同的东西。

谁能给我解释一下为什么?有没有办法在 重定向之前获取最终 session ID?

最佳答案

Gee-Bee ( https://github.com/Gee-Bee) 的回答仅供引用:

https://github.com/plataformatec/devise/issues/3706

Is anyone can explain me why ?

I'll try. In short:

Devise has nothing to do with it
Warden has something to do with it - it's setting :renew option on session, after setting user (proxy, spec)
Actual action takes place in in Rake::Session::Abstract#commit_session which updates session_id (by

calling destroy_session and set_session implementented in ActionDispatch::Session::CookieStore)

Is there any way to get the final session ID before redirecting ?

Sure it is. Bear in mind that Warden is changing session_id after authentication to prevent session fixation attacks, so in overriden devise controller you should manually change session_id in addition to disabling :renew session option. This will do:

session.options[:id] = session.instance_variable_get(:@by).generate_sid session.options[:renew] = false

关于ruby-on-rails - 设计 Rails session ID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21867562/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com