Basic Rails Question: Building Data Over Several Pages

Question

All Rails expert sites say not to store ActiveRecords in the Session. However, I have a multiple-field ActiveRecord object that spans several pages. The code I'm trying to clean up used hidden fields to pass the data forward, which seems like a bad idea (user can tamper for one thing). What's the typical, or good, way to divide up a model-filling page into several pages?

Note: I could save the ActiveRecord to the DB and then get it with the ID, which I store in session... the problem is that the ActiveRecord has several validations which won't let it save without all the data. I could store the params themselves in session, or something.... there must a standard way to do this...

Answer 1

Convert the object/s into yaml using obj.to_yaml and save the yaml as text in the db (or even a flat file). store the id in the session. reload it when needed. obj.to_yaml serializes the object without need for saving, skipping rails activerecord validations.

Answer 2

We use the following pattern which appears to work well.

1. Add an attribute accessor called wizard_stage to the model:

   attr_accessor :wizard_stage

2. Add a hidden field :wizard_stage to the form for the record in each of pages. Set the value of the field to something which reflects what the page does, so for example:

   f.hidden_field :wizard_stage, :value => 'contact_details'

3. In the model validation, add a condition like the following:

   validates ... :if => lambda{|m| m.wizard_stage == 'contact_details'}

Now the record can be saved for every submission, gradually filling in more attributes.

Note that this allows an attacker to bypass validation if they want, but in our case (most cases?) that doesn't really matter.