How force that session is loaded?

Question

I'm working on an application that needs to use session id information. My session is stored in cookies. The problem I have is that my session is not immediately available to the controller when a user comes to the site for the first time. I think I may be missing something about how sessions are initialized in Rails. But I'm positve about the fact that the session is not loaded because this is the output of session.inspect:

#<Rack::Session::Abstract::SessionHash:0x15cb970 not yet loaded>

Here is how to reproduce the problem with Rails 3.2.11 and ruby 1.9.3:

Create a new application with a test controller:

rails new my_app
cd my_app/
rails g controller test
rm app/assets/javascripts/test.js.coffee
touch app/views/test/index.html.erb

Try to get the session id in that controller:

class TestController < ApplicationController
  def index
    puts session[:session_id]
    puts session.inspect
  end
end

Add the needed routes:

MyApp::Application.routes.draw do
  resources :test
end

Then access the application and see what it does:

rails server

got to: http://localhost:3000/test

That is the output in the console:

#<Rack::Session::Abstract::SessionHash:0x3fd10f50eea0 not yet loaded>

Then again http://localhost:3000/test and this time we have a session:

400706c0b3d95a5a1e56521e455075ac
{"session_id"=>"400706c0b3d95a5a1e56521e455075ac", "_csrf_token"=>"Euaign8Ptpj/o/8/ucBFMgxGtiH7goKxkxeGctumyGQ="}

Answer 1

Since the session is lazily loaded object, you just have to begin accessing the session object just

pry> session

...not loaded

pry> session["session_id"] # .....

Answer 2

Yo! @zetetic's answer above made me realize that we can just do

session.send(:load!)

and it'll load the session 🙂.

Answer 3

So the problem probably boils down to the fact that the cookie that stores session_id wasn't created yet at the point where you tried to access the session.

When you read session object, Rails calls a private method session.load_for_read!, but, as its name suggests, it only loads session for reading and doesn't instantiates the session if it simply doesn't exist.

On the other hand, calling session.merge!({}) (for example) forces session instantiation.

Answer 4

I agree with @joscas answer but instead of writing a value, I'd delete it as to not have redundant data.

class MyController < ApplicationController
  protect_from_forgery
  def index
    session.delete 'init'
    do_stuff
  end
end

The session is loaded this way too.

Note: Make sure you don't use the key to be deleted in your application.

Answer 5

I found a way to force initialization of the session. Accessing the session apparently does not force initialization but writing into the session does. What I do in my controller is this now:

class MyController < ApplicationController
  protect_from_forgery
  def index
    session["init"] = true
    do_stuff
  end
end

Still I'm not sure if this should be considered normal behavior in Rails. It doesn't look right to me having to write into the session to force initialization. Reading should be enough.

Answer 6

Here's some relevant code from ActionDispatch::Session:

 def [](key)
    load_for_read!
    @delegate[key.to_s]
  end

  private

  def load_for_read!
    load! if !loaded? && exists?
  end

Which implies that the session object will be loaded as soon as you access any value by its key via [].

Answer 7

I don't really understand your question. If you require a user to register or sign in before being able to access the site there should be no problem. When creating a user his information is immediately stored in a cookie. For example:

User controller: (registering is done through users#new)

def create
   @user = User.new(params[:user])
   if @user.save
     cookies.permanent[:remember_token] = user.remember_token
     redirect_to root_path, notice: "Thank you for registering!"
   else
     render :new
   end
 end

Sessions controller: (signing in is done through sessions#new)

 def create
  user = User.find_by_email(params[:session][:email].downcase)

  if user && user.authenticate(params[:session][:password])
    cookies.permanent[:remember_token] = user.remember_token
    redirect_to root_path, notice: "Logged in."
  else
    flash.now.alert = "Email or password is incorrect."
    render :new
 end
end