https://github.com/rails/activerecord-session_store
Active Record's Session Store extracted from Rails
Keywords from Contributors
activerecord activejob mvc rubygems rack rspec crash-reporting error-monitoring sinatra feature-flag
Last synced: about 16 hours ago
Repository metadata
- Host: GitHub
- URL: https://github.com/rails/activerecord-session_store
- Owner: rails
- License: mit
- Created: 2012-08-24T16:00:35.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2026-04-05T21:14:09.000Z (about 2 months ago)
- Last Synced: 2026-05-09T08:10:21.816Z (15 days ago)
- Language: Ruby
- Size: 186 KB
- Stars: 583
- Watchers: 27
- Forks: 190
- Open Issues: 46
- Releases: 7
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: MIT-LICENSE
README.md
Active Record Session Store
A session store backed by an Active Record class. A default class is
provided, but any object duck-typing to an Active Record Session class
with text session_id and data attributes is sufficient.
Installation
Include this gem in your Gemfile:
gem 'activerecord-session_store'
Run the migration generator:
rails generate active_record:session_migration
Run the migration:
rake db:migrate
Then, set your session store in config/initializers/session_store.rb:
Rails.application.config.session_store :active_record_store, :key => '_my_app_session'
The sessions table stores expired and potentially sensitive session data and
will otherwise grow without limit, so in production environments it is strongly
recommended to schedule the db:sessions:trim rake task to run daily.
Running bin/rake db:sessions:trim will delete all sessions that have not
been updated in the last 30 days. The 30 days cutoff can be changed using the
SESSION_DAYS_TRIM_THRESHOLD environment variable.
Configuration
Disable the fallback to insecure sessions by providing the
secure_session_only option when setting up the session store.
Rails.application.config.session_store :active_record_store, key: '_my_app_session', secure_session_only: true
The default assumes a sessions table with columns:
- id (numeric primary key),
- session_id (string, usually varchar; maximum length is 255), and
- data (text, longtext, json or jsonb; careful if your session data exceeds
  65KB).
The session_id column should always be indexed for speedy lookups.
Session data is marshaled to the data column in Base64 format.
If the data you write is larger than the column's size limit,
ActionController::SessionOverflowError will be raised.
You may configure the table name, primary key, data column, and
serializer type. For example, at the end of config/application.rb:
ActiveRecord::SessionStore::Session.table_name = 'legacy_session_table'
ActiveRecord::SessionStore::Session.primary_key = 'session_id'
ActiveRecord::SessionStore::Session.data_column_name = 'legacy_session_data'
ActiveRecord::SessionStore::Session.serializer = :json
Note that setting the primary key to the session_id frees you from
having a separate id column if you don't want it. However, you must
set session.model.id = session.session_id by hand! A before filter
on ApplicationController is a good place.
The serializer may be a class responding to #load(value) and #dump(value), or
a symbol of marshal, json, hybrid or null. marshal is the default and
uses the built-in Marshal methods coupled with Base64 encoding. json does
what it says on the tin, using the parse() and generate() methods of the
JSON module. hybrid will read either type but write as JSON. null will
not perform serialization, leaving that up to the ActiveRecord database
adapter. This allows you to take advantage of the native JSON capabilities of
your database.
Since the default class is a simple Active Record, you get timestamps
for free if you add created_at and updated_at datetime columns to
the sessions table, making periodic session expiration a snap.
You may provide your own session class implementation, whether a
feature-packed Active Record, or a bare-metal high-performance SQL
store, by setting
ActionDispatch::Session::ActiveRecordStore.session_class = MySessionClass
You must implement these methods:
- self.find_by_session_id(session_id)
- initialize(hash_of_session_id_and_data, options_hash = {})
- attr_reader :session_id
- attr_accessor :data
- save
- destroy
The example SqlBypass class is a generic SQL session store. You may
use it as a basis for high-performance database-specific stores.
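An added example, not code from the gem: a minimal class that satisfies the six-method session class contract listed above, paired with a custom serializer object responding to #load and #dump as described in the serializer paragraph. The names MemorySession and JsonWithLegacyRead, the in-memory hash standing in for a table, and the symbol keys in the attributes hash are assumptions made for illustration.

```ruby
require 'json'

# Hypothetical serializer: any object responding to #load(value) and #dump(value).
# Writes JSON only; reads JSON or legacy Marshal+Base64 rows, so existing
# sessions survive a move away from the default marshal serializer.
module JsonWithLegacyRead
  # Base64 of the Marshal header "\x04\x08" followed by a Hash type tag.
  MARSHAL_PREFIX = 'BAh'

  def self.dump(value)
    JSON.generate(value) # plain types only; symbol keys come back as strings
  end

  def self.load(raw)
    return {} if raw.nil? || raw.empty?
    return Marshal.load(raw.unpack1('m')) if raw.start_with?(MARSHAL_PREFIX)
    JSON.parse(raw)
  end
end

# Hypothetical in-memory session class exposing the required methods.
class MemorySession
  STORE = {}        # session_id => serialized data (constructed stand-in for a table)
  LOCK  = Mutex.new # the store is shared across request threads

  attr_reader :session_id
  attr_accessor :data

  def self.find_by_session_id(session_id)
    raw = LOCK.synchronize { STORE[session_id] }
    raw && new({ session_id: session_id, data: JsonWithLegacyRead.load(raw) })
  end

  # Assumption: the attributes hash is keyed by :session_id and :data.
  def initialize(attributes, _options = {})
    @session_id = attributes[:session_id]
    @data = attributes[:data] || {}
  end

  def save
    LOCK.synchronize { STORE[session_id] = JsonWithLegacyRead.dump(data) }
    true
  end

  def destroy
    LOCK.synchronize { STORE.delete(session_id) }
    true
  end
end
```
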
Please note that you will need to manually include the silencer module in your
custom logger if you are using a logger other than ActiveSupport::Logger and
its subclasses:
MyLogger.include ActiveSupport::LoggerSilence
Or if you are using Rails 5.2 or older:
MyLogger.include ::LoggerSilence
This silencer keeps the logger from leaking private information into the log,
and it is required for security reasons.
CVE-2019-25025 mitigation
Sessions that were created by Active Record Session Store version 1.x are
affected by CVE-2019-25025. This means an attacker can perform a timing
attack against the session IDs stored in the database.
After upgrading to version 2.0.0, you should run the db:sessions:upgrade rake task
to upgrade all existing session records in your database to the secured version.
$ rake db:sessions:upgrade
This rake task is idempotent and can be run multiple times, and session data of
users will remain intact.
Please see #151 for more details.
Contributing to Active Record Session Store
Active Record Session Store is the work of many contributors. You're encouraged to submit pull requests, propose features and discuss issues.
See CONTRIBUTING.
License
Active Record Session Store is released under the MIT License.
Owner metadata
- Name: Ruby on Rails
- Login: rails
- Email:
- Kind: organization
- Description:
- Website: https://rubyonrails.org/
- Location:
- Twitter:
- Company:
- Icon url: https://avatars.githubusercontent.com/u/4223?v=4
- Repositories: 116
- Last synced at: 2023-04-09T03:40:20.529Z
- Profile URL: https://github.com/rails
GitHub Events
Total
- Delete event: 2
- Pull request event: 15
- Fork event: 1
- Issues event: 6
- Watch event: 35
- Issue comment event: 30
- Push event: 11
- Pull request review event: 1
- Pull request review comment event: 1
- Create event: 2
Last Year
- Delete event: 2
- Pull request event: 5
- Issues event: 1
- Watch event: 10
- Issue comment event: 1
- Push event: 4
- Pull request review event: 1
- Pull request review comment event: 1
Committers metadata
Last synced: 1 day ago
Total Commits: 161
Total Committers: 56
Avg Commits per committer: 2.875
Development Distribution Score (DDS): 0.814
Commits in past year: 4
Committers in past year: 1
Avg Commits per committer in past year: 4.0
Development Distribution Score (DDS) in past year: 0.0
| Name | Email | Commits |
|---|---|---|
| Prem Sichanugrist | s@s****u | 30 |
| Prem Sichanugrist | p****m@t****m | 13 |
| Jean Boussier | j****r@g****m | 13 |
| Drew Stephens | d****w@d****t | 10 |
| Thorsten | te@z****m | 6 |
| Rafael Mendonça França | r****a@g****m | 6 |
| Rafael Mendonça França | r****a@p****r | 6 |
| Ryan Bibby | r****y@s****k | 5 |
| Max Schwenk | m****k@g****m | 5 |
| Steven Harman | s****n@h****m | 5 |
| Tobias Bales | t****s@s****m | 4 |
| Hartley McGuire | s****l@g****m | 4 |
| Tobias Kraze | t****e@m****e | 3 |
| Edouard CHIN | e****n@s****m | 3 |
| Mike Vastola | M****e@V****a | 2 |
| Mike Breen | h****p@g****m | 2 |
| Bart de Water | b****r@s****m | 2 |
| Shinichiro OGAWA | s****a@c****m | 2 |
| Remo Fritzsche | r****e@s****m | 2 |
| Shin-ichiro OGAWA | r****t@g****m | 2 |
| Akira Matsuda | r****e@d****p | 1 |
| Alex Slynko | a****o@w****m | 1 |
| Alexander Graf | a****x@b****l | 1 |
| Chris | c****t@e****k | 1 |
| Saurabh Gupta | s****a@b****m | 1 |
| Rada Bogdan Raul | b****a | 1 |
| Oli Peate | o****e@p****o | 1 |
| Daniel Ghilea | d****y@h****m | 1 |
| railsnewbie257 | r****7@g****m | 1 |
| maclover7 | me@j****e | 1 |
| and 26 more... | | |
Committer domains:
- shopify.com: 3
- sikac.hu: 1
- thoughtbot.com: 1
- dinomite.net: 1
- zammad.com: 1
- plataformatec.com.br: 1
- sheffield.ac.uk: 1
- harmanly.com: 1
- makandra.de: 1
- vasto.la: 1
- cookpad.com: 1
- sitrox.com: 1
- dio.jp: 1
- wonga.com: 1
- basecamp.tirol: 1
- epigenesys.org.uk: 1
- bigcommerce.com: 1
- pivotal.io: 1
- hedtek.com: 1
- jonathanmoss.me: 1
- dropbox.com: 1
- hodgkiss.me: 1
- me.com: 1
- codeodor.com: 1
- arndt.io: 1
- veldthuis.com: 1
- mach7x.com: 1
- shirley.im: 1
- somnilocode.nl: 1
- bunts.io: 1
Issue and Pull Request metadata
Last synced: 2 days ago
Total issues: 68
Total pull requests: 69
Average time to close issues: over 1 year
Average time to close pull requests: 5 months
Total issue authors: 65
Total pull request authors: 42
Average comments per issue: 3.13
Average comments per pull request: 1.94
Merged pull request: 27
Bot issues: 0
Bot pull requests: 0
Past year issues: 1
Past year pull requests: 8
Past year average time to close issues: N/A
Past year average time to close pull requests: 8 days
Past year issue authors: 1
Past year pull request authors: 1
Past year average comments per issue: 0.0
Past year average comments per pull request: 0.13
Past year merged pull request: 3
Past year bot issues: 0
Past year bot pull requests: 0
Top Issue Authors
- ghost (3)
- jasonfb (2)
- ajinkyapisal (1)
- thorsteneckel (1)
- AlfonsoUceda (1)
- biserz (1)
- aksharj (1)
- alipman88 (1)
- shleeable (1)
- ashrafalzyoud (1)
- testwisely (1)
- c0ze (1)
- dpneumo (1)
- jamesfzhang (1)
- mediafinger (1)
Top Pull Request Authors
- skipkayhil (8)
- stevenharman (4)
- thorsteneckel (3)
- Edouard-chin (3)
- byroot (3)
- rchekaluk (2)
- casperisfine (2)
- robsdudeson (2)
- bartzon (2)
- EiNSTeiN- (2)
- tmandke (2)
- otherguy (2)
- marvinthepa (2)
- Inipe (2)
- codeodor (2)
Package metadata
- Total packages: 2
- Total downloads:
- rubygems: 98,190,458 total
- Total docker downloads: 271,698,938
- Total dependent packages: 19 (may contain duplicates)
- Total dependent repositories: 3,063 (may contain duplicates)
- Total versions: 28
- Total maintainers: 8
- Total advisories: 1
gem.coop: activerecord-session_store
An Action Dispatch session store backed by an Active Record class.
- Homepage: https://github.com/rails/activerecord-session_store
- Documentation: http://www.rubydoc.info/gems/activerecord-session_store/
- Licenses: MIT
- Latest release: 2.2.0 (published about 1 year ago)
- Last Synced: 2026-05-22T11:01:06.874Z (1 day ago)
- Versions: 14
- Dependent Packages: 0
- Dependent Repositories: 0
- Downloads: 49,087,857 Total
- Docker Downloads: 135,849,469
- Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 0.228%
- Downloads: 0.683%
- Maintainers (8)
rubygems.org: activerecord-session_store
An Action Dispatch session store backed by an Active Record class.
- Homepage: https://github.com/rails/activerecord-session_store
- Documentation: http://www.rubydoc.info/gems/activerecord-session_store/
- Licenses: MIT
- Latest release: 2.2.0 (published about 1 year ago)
- Last Synced: 2026-05-23T02:00:43.287Z (about 19 hours ago)
- Versions: 14
- Dependent Packages: 19
- Dependent Repositories: 3,063
- Downloads: 49,102,601 Total
- Docker Downloads: 135,849,469
- Rankings:
- Downloads: 0.512%
- Dependent repos count: 0.564%
- Docker downloads count: 0.602%
- Dependent packages count: 1.094%
- Average: 1.2%
- Forks count: 1.945%
- Stargazers count: 2.482%
- Maintainers (8)
- Advisories:
Dependencies
- sqlite3 >= 0 development
- actionpack >= 6.1
- activerecord >= 6.1
- multi_json ~> 1.11, >= 1.11.2
- rack >= 2.0.8, < 3
- railties >= 6.1
- actions/checkout v2 composite
- ruby/setup-ruby v1 composite
Score: 30.19820604723599