Is there a way to load and set a specific session from the database in ruby on rails?

Question

My Scenario:

• Sessions are being stored in the database using ActiveRecord::SessionStore
• User is on site at 'http://domain.com '
• they go to secure checkout at 'https://domain.secure.com' (our app has lots of domains, but want to send everyone through secure checkout on the same domain to save SSL headaches).
• We append session_id and a hash to authenticate and identify the user at 'https://domain.secure.com'
• Load that users session data by doing ActiveRecord::SessionStore::Session.find_by_session_id(session_id)

The above all works fine. BUT how can I actually set the same session_id to the user once they are on 'https://domain.secure.com'? I can loop through the data and assign it to the user's session, but Rails automatically gives the user a new session_id on 'https://domain.secure.com'. I want the users session to be stored in the same database row regardless of whether they are on 'http://domain.com' or 'https://domain.secure.com'

Why do I want to do this? For ease of expiring sessions. I can just remove that row from the sessions table.

Otherwise I'm thinking I'll have to add a user_id column to the sessions table and then when i want to expire the session, I delete all rows for that user. But this sounds more complicated to me. I'd rather just have one row in the sessions table.

Any suggestions?

Answer 1

A couple ways to approach this.

One, you could look at a higher level of abstraction for authentication that lets you manage cross server. For example, Devise http://github.com/plataformatec/devise

Second, you can override the whole session controller and write your own session manager. A bit more work, but not that complicated if you ultimately need a bunch of custom functionality. I remember correctly, start with this in your environment:

CGI::Session::ActiveRecordStore.session_class = MySessionClass 

and go from there..