How to Find a Devise User by It's Session Id

How can I find a devise user by it's session id?

At least on my system (rails 3.2, devise 2.0.4), you can do it like this:

session is:

{"session_id"=>"be02f27d504672bab3408a0ccf5c1db5", "_csrf_token"=>"DKaCNX3/DMloaCHbVSNq33NJjYIg51X0z/p2T1VRzfY=", "warden.user.user.key"=>["User", [3], "$2a$10$5HFWNuz5p6fT3Z4ZvJfQq."]}

session["warden.user.user.key"][1][0], then is 3.

So, I'd find it as:

User.find(session["warden.user.user.key"][1][0])

Get UserID for Current User using Devise/Rails

I see a few problems here

def index
  @currentUser = current_user.id
end

Other than what @HolyMoly already commented, you should use underscore and not camelcase, if current_user is nil here, .id will fail on it, resulting in an exception.

Second, you are checking "ability" by comparing values of ids, I would change your code to do this

<% if allow_product_delete?(@product) %>

In a helper

def allow_product_delete?(product)
  return false unless current_user
  @product.user_id == current_user.id
end

if you are using devise current_user exists in controller and views, you don't need to define it as an instance variable, it's already defined as a controller method on all actions (by default). so by calling current_user in your views you are done.

If a user is not logged in, current_user will be nil, you always have to prepare for this and protect against it.

Last, I would look into ability gems (cancan or cancancan), those provide a very nice DSL for dealing with what you were trying here.

Who's Online using Devise in Rails

https://github.com/ctide/devise_lastseenable

You can use this gem that I wrote to store the 'last_seen' timestamp of a user. From there, it's pretty trivial to display the users who were last_seen in the last 5 or 10 minutes.

Finding User ID from Sessions

As indicated by @Bohdan, you may want to shorten your code a bit like this:

Activity.log( session[:user_id] )

In your case, you don't have to rely on ActiveRecord mechanisms.

Get user from device/warden session cookie

The way I describe for deserializing the cookie is just the right way. It is actually the same in Devise, the keys just changed and I jumped to quickly to the conclusion that there must be a different serilization process going on.

How does rails/devise handle cookie sessions?

The default rails session storage is CookieStore. This means that all the session data is stored in a cookie rather than in the database anywhere. In Rails 3.2 the cookie is signed to prevent tampering, but not encrypted. In Rails 4 it's generally encrypted by default. The fact that it's in a cookie is how it persists across restarts of your server. It also means you can only store 4k of data and you wouldn't want to store anything sensitive in there in Rails < 4. It's best to keep a minimum of data in the session anyway.

You can also opt for storing the session data in the database and only having a session id in a cookie.

This answer I gave the other week has some extra info that might be useful:

Sessions made sense to me before I started reading about them online

Also, the rails api doc for CookieStore gives a nice summary:

http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html

---

Related Topics