it’s time to announce my second plugin for ruby on rails, limited_sessions.

it’s been publicly available for several days, so i guess it’s time that i actually talk about it.

this came out of a need to manage sessions more intelligently than rails does by default. all of these is built as an extension to ActiveRecordStore, so sessions must be stored in the db. features:

• configurable, server-enforced session expiry time (eg: 2 hours from last access)
• optional hard limit on session from login time, regardless of access (eg: 8 hours from login)
• ability to tie session to user’s IP or /24 subnet
• auto-cleaning of expired sessions from db without an external script or other helper

as usual, details are on the project page.

in ruby’s CGI::Session module, sessions are stored as a block of seeming junk, like this: “BMZWRlcm1hbiBCb25kaW5nIENvb”. it’s actually an encoded format which is all well and fine until you need to read something out of it for debugging purposes.

if you are using rails’ ActiveRecordStore, the contents of a session can be read fairly simply. since this relies on an AR model called Session, which your app most likely doesn’t have, we’ll create that too.

so, fire up script/console and input the following:

class Session < ActiveRecord::Base ; end
CGI::Session::ActiveRecordStore::Session.unmarshal(Session.find(:first).data)

that will dump the contents of the first session. :first can be replaced with any valid option to AR’s #find method.

dump all of the sessions with something like:

Session.find(:all).collect {|s| CGI::Session::ActiveRecordStore::Session.unmarshal(s.data)}