I have a Rails app that makes web API calls; the Rails app by itself doesn’t have any database or user store. Every API call needs to be sent the username and password for each request.
I would like to provide an authentication mechanism for the rails app.
I am planning to do it this way:
- Show a login page
- Get the username and password
- Store the username and password
- Perform a manual authentication either via warden.authenticate or authlogic.something (or maybe even that is not required; I can just check if the session has something stored)
- And then when the user does something, I pass the username and password that was stored earlier.
Now my problem is: where do I store the password?
If I use the session, I obviously cannot use the cookie store. I can use session_store = :active_record_store, but I'm not sure if it’s safe; also, I don’t have any database as of now, so why should I create one just for the session?
Is there any other mechanism to store passwords within a session? (A safe way, obviously.)
Earlier, Rails had:
- MemoryStore
- FileStore
But now both seem to be removed. So is there any other solution?
Notes from answers:
- Storing encrypted passwords won’t work since I need the raw password to be sent to the server while making API calls.
- I have no control over the API, so I cannot change its authentication.
- There is no user profile maintenance on the Rails app. Everything is managed by API calls.
I finally thought to implement a custom memory store, but it seems to throw a stack overflow error. I got the code from https://rails.lighthouseapp.com/projects/8994/tickets/1876-uninitialized-constant-actioncontrollersessionmemorystore
```ruby
require 'action_dispatch'
module ActionDispatch
  module Session
    class CustomMemoryStore < ActionDispatch::Session::AbstractStore
      GLOBAL_HASH_TABLE = {} #:nodoc:

      private

      def get_session(env, sid)
        sid ||= generate_sid
        session = GLOBAL_HASH_TABLE[sid] || {}
        session = AbstractStore::SessionHash.new(self, env).merge(session)
        [sid, session]
      end

      def set_session(env, sid, session_data)
        GLOBAL_HASH_TABLE[sid] = session_data
        return true
      end
    end
  end
end

Steptools3::Application.config.session_store :custom_memory_store, :key => '_some_xyz'
```
You could try using Redis as a session store. We use the rails3-redis-session-store gem. The source can be found here. It is very easy to set up, and sessions expire automatically, which makes it safe.
Example config:
An alternative would be to use dalli, and thus use memcached as the backend.
Hope this helps.
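
The answer's point about server-side sessions that expire automatically, as an added example that is not code from the question, the answer, or any gem: a plain-Ruby store that keeps the username and password in process memory, hands out only a random session id for the cookie, and drops entries after an idle timeout. The class name `ExpiringMemoryStore`, its method names, and the 900-second default are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical helper (not a Rails API): keeps session data in process memory,
# keyed by a random session id, and drops entries after an idle timeout.
class ExpiringMemoryStore
  Entry = Struct.new(:data, :expires_at)

  def initialize(ttl: 900, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @ttl = ttl          # idle timeout in seconds (assumed default)
    @clock = clock      # injectable so expiry can be tested without sleeping
    @entries = {}
    @lock = Mutex.new   # the store is shared by all request threads
  end

  # Store data under a fresh, unguessable id; only this id goes in the cookie.
  def create(data)
    sid = SecureRandom.hex(32)
    @lock.synchronize { @entries[sid] = Entry.new(data, @clock.call + @ttl) }
    sid
  end

  # Return the data for a live session and slide its expiry; nil otherwise.
  def fetch(sid)
    @lock.synchronize do
      sweep
      entry = @entries[sid]
      next nil unless entry
      entry.expires_at = @clock.call + @ttl
      entry.data
    end
  end

  # Logout: remove the stored credentials immediately.
  def destroy(sid)
    @lock.synchronize { !@entries.delete(sid).nil? }
  end

  def size
    @lock.synchronize { sweep; @entries.size }
  end

  private

  # Remove every entry whose deadline has passed (caller holds the lock).
  def sweep
    now = @clock.call
    @entries.delete_if { |_sid, entry| entry.expires_at <= now }
  end
end
```

Because the hash lives in a single process, this only works when one app server process handles every request; Redis or memcached, as suggested in the answer, is what shares sessions across processes.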