Fork me on GitHub

August 30, 2011

Session Off Strikes Back

Post moved to http://log2.kares.org/post/59891247288/session-off-strikes-back

All Rails witnesses should remember the times when one could declaratively control a controller's session. As a developer the reasoning behind the removal of this feature, with the introduction of lazy sessions, is understandable. Although as a framework user, especially if Rails advocates itself as being the easier approach to web development, I have my doubts.

The Ruby language is known to be preferring intuitive programming over various (architectural, performance) compromises and Rails at once seemed to be in a position of delivering the same promise. For me the removal of session :off somehow symbolically represents a starting point of a diversion from this very path. Now, don't take me wrong I highly appreciate Rails and it's community, but I guess it's getting harder to dive into for new comers with every major release since than.

But back to sessions, laziness is great, at the same time I do not think it's a reason for a useful piece of functionality, such as declaring when a session for an action should be available, to go away. How much easier it is for a developer to see an undefined method 'xxx' for nil:NilClass error than track down if a session cookie is being sent for a given action and particular parameters. Not to mention that it may even lead to "false authentication" if a REST API consumer uses a HTTP engine that handles cookies.
Therefore I decided it's worth a monkey patch and brought some love back :


Please remember that session might once again be nil, but only in controllers (request.session works unchanged). Any controller code relying on session never becoming nil, such as flash, might end with an error.

No comments:

Post a Comment