Tons of ruby_sess.* in /tmp

Added by John Goerzen almost 10 years ago

Has anyone seen a bunch of ruby_sess.* files created in /tmp? They all seem to be under 200 bytes, and I have 88 of them now.

I'd like to really make them go away, or if that's not possible, go somewhere else. Any ideas how?

Thanks,

-- John

Replies (10)

RE: Tons of ruby_sess.* in /tmp - Added by Jim Mulholland almost 10 years ago

This is an interesting find, John. I thought Rails was supposed to store sessions in RAILS_ROOT/tmp/sessions.

Looking at my files system, I have a small number of sessions in the RAILS_ROOT/tmp/sessions directory but a TON (24k+) in my /tmp directory. I do have other apps in addition to Redmine on this box, but it is still interesting why so many files would be in the /tmp directory.

I took the advice of this wiki article and just deleted any old session files from the /tmp directory via:

find /tmp/ -name "ruby_sess*" -cmin +600 -exec rm {} \;

http://wiki.rubyonrails.org/rails/pages/TipsAndTricks

RE: Tons of ruby_sess.* in /tmp - Added by Thomas Löber almost 10 years ago

John, did you make sure that the directory RAILS_ROOT/tmp/sessions exists? Otherwise the sessions will be stored in /tmp.

You can cleanup the session directory with a cron job using a command like the one Jim proposed.

With Rails 2.0 you can also use a cookie based session store. You just have to add

config.action_controller.session = { 
  :session_key => 'redmine_session', 
  :secret      => 'nrAgejEZ6QYzGpsMuUA4STX6kJtFjF15' 
}

to environment.rb and the sessions will be stored as cookies in the users' browsers. The secret is used to ensure that the session data is not modified on the client side.

RE: Tons of ruby_sess.* in /tmp - Added by Jean-Philippe Lang almost 10 years ago

0.7 will be packaged with Rails 2.0 and with session store set to cookie store by default.

RE: Tons of ruby_sess.* in /tmp - Added by John Goerzen almost 10 years ago

How can I specify my tmp directory as something other than RAILS_ROOT/tmp? (I take it RAILS_ROOT is the root directory of the Redmine install?)

I don't want my Rails directory to be owned and writable by the web server UID for security reasons, so I'm guessing the reason it isn't using storage there is because of that.

Same question for the files directory too, BTW.

Incidentally, I am running trunk and Rails 2.0, so are you saying I shouldn't be seeing this?

RE: Tons of ruby_sess.* in /tmp - Added by Thomas Löber almost 10 years ago

I guess you have to make at least the files, log and tmp/* directories writable for the web server UID. I don't see any security issues with it.

Regarding the session store, trunk still uses the file based cookie store.

RE: Tons of ruby_sess.* in /tmp - Added by John Goerzen almost 10 years ago

I use a version control system (git) to track the application install directory. Yes, I suppose I could add those directories to an ignore pattern, but it's cleaner to put the data somewhere else.

Is that stuff really not configurable? That seems like a fairly basic thing. I figured out how to point log elsewhere, but can't figure that out for files and tmp.

RE: Tons of ruby_sess.* in /tmp - Added by James Turnbull over 9 years ago

Did this actually happen in 0.7 - the sessions set to cookies?

RE: Tons of ruby_sess.* in /tmp - Added by Stephanie Collett about 9 years ago

Cookie store doesn't seem to be the default in 7-stable or even trunk. I have edited my environment.rb file to use cookie sessions. It works fine. There might be issues if Redmine tries to store to much information within the session.

RE: Tons of ruby_sess.* in /tmp - Added by micah anderson almost 9 years ago

I've been impressed at the very large number of cookies that I've got laying around my temporary directory, tens of thousands!

As it turns out, cookie store isn't default in .80 either. I do not see a ticket for it, so I'm guessing that it isn't going to be added unless there is one, so I created issue #2628 to track the issue.

(1-10/10)