author | Louise Crow <louise.crow@gmail.com> | 2012-08-15 11:13:31 +0100 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2012-08-15 11:13:31 +0100 |
commit | 781e6e2b33a31038a4f3aa62265f3042c108cae1 (patch) | |
tree | 0b8b6ec7ecf410b90ad3dbbe973fe891e734087c | |
parent | 7d71a5a2a2e33e6759cd55132006db2ac7cd8f47 (diff) |
Rollback change to activerecord session store - whilst activerecord store has some advantages (notably avoiding permanent versus transient session hijack possibilities), I think it needs some more work/testing (we'd need to have good code for cleaning out stale activerecord sessions periodically - with activerecord store this is now our responsibility). We'd also need to reset the session key to kill all in progress sessions to prevent errors as rails tries to store long cookie keys in the limited key field of the activerecord store. For this release, it'll be more straightforward to fix the csv_upload file issue #526 in a more localized way.
-rw-r--r-- | config/initializers/session_store.rb | 4 |
-rw-r--r-- | db/migrate/118_remove_sessions_again.rb | 16 |
2 files changed, 18 insertions, 2 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 3c3cbe5ad..a05d2c7d1 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -2,14 +2,14 @@ # Your secret key for verifying cookie session data integrity. # If you change this key, all old sessions will become invalid! -# Make sure the secret is at least 30 characters and all random, +# Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. ActionController::Base.session = { :key => '_wdtk_cookie_session', :secret => MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", 'this default is insecure as code is open source, please override for live sites in config/general; this will do for local development') } -ActionController::Base.session_store = :active_record_store +ActionController::Base.session_store = :cookie_store # Insert a bit of middleware code to prevent uneeded cookie setting. require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions" diff --git a/db/migrate/118_remove_sessions_again.rb b/db/migrate/118_remove_sessions_again.rb new file mode 100644 index 000000000..dc5a63df7 --- /dev/null +++ b/db/migrate/118_remove_sessions_again.rb @@ -0,0 +1,16 @@ +class RemoveSessionsAgain < ActiveRecord::Migration + def self.up + drop_table :sessions + end + + def self.down + create_table :sessions do |t| + t.string :session_id, :null => false + t.text :data + t.timestamps + end + + add_index :sessions, :session_id + add_index :sessions, :updated_at + end +end |
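Review bot: in config/initializers/session_store.rb, once `session_store` is back on `:cookie_store`, the fallback string given as the second argument to `MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", ...)` is all that verifies session data on any site that has not set that value, and the string itself says it is insecure because the code is open source. Consider raising at boot outside local development when the default is still in use, rather than falling back silently. The `# Make sure the secret is at least 30 characters and all random,` pair looks like a whitespace-only change and could be left out of this commit. Since `:key` stays `'_wdtk_cookie_session'`, it is also worth confirming how cookies issued while the ActiveRecord store was live are handled when the cookie store reads them.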
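Review bot: in db/migrate/118_remove_sessions_again.rb, `self.down` recreates `sessions` with a default-length `t.string :session_id`, which is the field the commit message says is too short for the long cookie values, so running the down migration would bring that error back unless the session key is changed at the same time; a comment in `self.down` saying so would help. `self.up` calls `drop_table :sessions` with no guard and discards every stored row, so the deploy notes should mention that any sessions held in that table end when the migration runs.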