Session store – don’t get trapped

I’ve recently stumbled upon some design flaw in Rails applications. It looks like it is much more popular than I thought…

Session hash can store whole objects. Don’t do that. I’ve recently seen applications storing whole ActiveRecord objects in session. Why it is dumb idea?

First – with new Rails default storage for session are cookies in browser, so You get very low size limit (AFAIR 4 kB). Second (and this the real reason) – if Your schema will change, then all objects kept in session become invalid. The problem is that with new application code, those objects will be like guest from deep past. They will be created but they will miss new attributes – and when Your application will try to use some of them kaboom….

Guests from a past

Guests from past (c)

This is not only related to session hash – it is general problem with object serialization (and storing for long. Try to avoid Marshal, whenever it is not really required.

2 thoughts on “Session store – don’t get trapped

  1. This is kind of funny looking like all common mistakes from one technology which were found and pointed years ago (what doesn’t mean that were removed from an applications, changing devs is a bit more tricky) appears again whith new frameworks and new developers. Old habits applied in a new way?? Maybe, probably some developers are switching to new technology and are applying old patterns …
    … I’m thinking about session object in ASP and ASP .NET which was often abused by devs for pourposes like You are describing and which causes similiar problems.

  2. I guess problem is related to people who don’t want to learn. I know I still have plenty to learn, and when I get hit by some problem I try to make some research before I fix/change my solution.

    I know it is hard when You work is mostly to put out fires ;) and it seems that code I’ve seen, is result of such environment. Question is how much developer is responsible for such environment :)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.