1 minute read

On my current project, we wanted to write some code to load a specific user’s session data (not the current user). This turned out to be a little trickier than we thought.

We use active_record_store for our sessions, so session data is stored in a sessions table in the database. In theory, we should be able to read the session with code like:

>> CGI::Session::ActiveRecordStore::Session.find_by_id(1).data
ArgumentError: undefined class/module Foo
        from /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session/active_record_store.rb:84:in `load'
        from /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session/active_record_store.rb:84:in `unmarshal'
        from /usr/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/session/active_record_store.rb:122:in `data'
        from (irb):1

Unfortunately, if the session contains any custom classes, this code will fail. Behind the scenes, session data is stored as a Base64 encoded, Marshal dumped string. If there are classes in the dump that ruby does not know about yet, the Marshal.load will fail.

If we manually load the class, it will work:

>> Foo
=> Foo
>> CGI::Session::ActiveRecordStore::Session.find_by_id(1).data
=> {:foo=>#, "flash"=>{}}

Our sessions contain a bunch of custom classes, and we did not want to manually load them. Since we knew rails handled this properly, we dug into the depths of rails and found this code in cgi_proceess.rb (Rails 2.0.2):

def stale_session_check!
rescue ArgumentError => argument_error
  if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
      # Note that the regexp does not allow $1 to end with a ':'
    rescue LoadError, NameError => const_error
      raise ActionController::SessionRestoreError, <<-end_msg
Session contains objects whose class definition isn\'t available.
Remember to require the classes for all objects kept in the session.
(Original exception: #{const_error.message} [#{const_error.class}])


This code assumes you pass in a block which loads the session. If an error is raised trying to load a class, it calls constantize on the class name, which forces rails to find and load the class. It does this repeatedly until all load errors have been resolved.

We can use this method now to load our session:

>> ActionController::CgiRequest.new(CGI.new).instance_eval do
?>   stale_session_check! do
?>     CGI::Session::ActiveRecordStore::Session.find_by_id(1).data
>>   end
>> end
=> {:foo=>#, "flash"=>{}}

This is not the prettiest code, but it allows us to get at the logic rails uses to load sessions.