RailsCasts13 Dangers of Model in Session 将model放在session中是危险的

最新推荐文章于 2023-08-15 21:28:38 发布
最新推荐文章于 2023-08-15 21:28:38 发布
阅读量676 收藏
点赞数
分类专栏: RailsCasts Rails

在此介绍为什么将model放在session中是一个坏注意。

In this episode we’ll show you why it’s a bad idea to store a model in the session.

ruby

class UserController < ApplicationController
  def prepare
    session[:user] = User.find(:first)
    redirect_to :action => :'show'
  end

  def show
    @user = session[:user]
  end

  def update
    @user = session[:user]
    @user.name = 'Foo'
    redirect_to :action => 'show'
  end  
end

UserController中的prepare将一个model存储在了session中。

上面的代码片段中,控制器有3个action。prepare action查找出第一个user,将其存储在session中,然后跳转至show。show action从session中得到当前的用户并输出一些user的debug信息,show view代码如下。

<%= debug(@user) %>
<%= link_to 'update', :action => 'update' %>

show页面中有一个update的链接。update再次从session中得到当前user,改变它的一个特性并show出来;在update中的更改只是临时的,未被写到数据库中;最终,update跳转至show,如下图

update后的show,显示出的数据与数据库中的数据是不同步的,数据库中的数据如下:

terminal

NooNoo:ep13 eifion$ script/console
Loading development environment (Rails 2.2.2)
>> User.first.name
=> "Eifion" 
>>

数据库中,user的name仍为‘Eifion’.


验证中出现的问题:

在User模型中,对name存在非空校验(with validates_presence_of).更新update action将name设置成空字符串,校验user是否有效,结果如下:

ruby

def update
  @user = session[:user]
  @user.name = ''
  @user.valid?
  redirect_to :action => 'show'
end

将name置成空时,会抛出校验错误;但当跳转到其他页面时,错误信息不能被保存。

正确的方式

将user_id存储在session中,controller中各个action的代码如下:

ruby

class UserController < ApplicationController
  def prepare
    session[:user_id] = User.find(:first).id
    redirect_to :action => :'show'
  end

  def show
    @user = User.find(session[:user_id])
  end

  def update
    @user = User.find(session[:user_id])
    @user.name = 'Foo'
    redirect_to :action => 'show'
  end  
end
现将user_id存储在session中,每次请求均从数据库中获取数据。此时,user name的变化不会被持续的保留。

session应仅被用来存储简单的对象,如array, strings and integers.


原文地址:http://railscasts.com/episodes/13-dangers-of-model-in-session?view=asciicast


dazhi_100
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Parsing JSON in Swift
07-22
Parsing JSON in Swift will teach you to harness the power of Swift and give you confidence that your app can gracefully handle any JSON that comes its way. You'll learn: - How to use ...
Spring MVC 中处理模型数据 (一)ModelAndView ModelMap @sessionAttributes
weixin_34176694的博客
11-07 146
1、目标方法的返回值可以是 ModelAndView 类型。 * 其中可以包括视图和模型信息 * SpringMVC 会把 ModelAndView 的 model 中数据放到 request 域对象中。 2、目标方法可以添加Map 类型(实际上也可以是Model类型 或 ModelMap类型)的参数。 3、...
RailsCasts中文版,#13 Dangers of Model in Session 不要在会话中缓存模型实例
边晓宇@CSDN
11-24 1819
//占位待补齐
#13 Dangers of Model in Session
CaiDeHen
12-03 82
Be careful when storing a model in a session. It will behave differently than you expect and can easily get out of sync with the database. Instead of storing the model directly in the session, store t...
Railssession的使用方法
maxiaokun55的专栏
04-02 3257
1,给session赋值 sesion[:user_name] = “feng” 其中:user_name是参数 2,取session的值 3,注销session的方法:例如用户退出登陆时需要注销session session[:user_name] = nil 4,给session赋予对象 session[:user] = ClientInfo.find(1) 注意如果这个对
RailsCasts批量下载地址之Ruby代码
weixin_34288121的博客
11-25 92
千呼万唤的Rails3出来了,也该开始学学了,从网上发现一个好的教程http://railscasts.com/episodes,能够下载 但遗憾的是每页只显示10个而且无法批量下载,如是发现右边栏有All Episodes链接。 但是这个没有下载地址,只能一个个点进去才能看见下载地址。仔细对比这两个地址 http://railscasts.com...
大模型从入门到应用——LangChain:记忆(Memory)-[记忆的存储与应用]
冯·诺依曼
08-15 5757
Zep 是一个存储、摘要、嵌入、索引和丰富对话式人工智能聊天历史记录的工具,并通过简单、低延迟的API进行访问。[3] LangChain中文网 - LangChain 是一个用于开发由语言模型驱动的应用程序的框架:http://www.cnlangchain.com/[2] LangChain 🦜️🔗 中文网,跟着LangChain一起学LLM/GPT开发:https://www.langchain.com.cn/[1] LangChain官方网站:https://www.langchain.com/
Model-Based Long Haul Testing
litove的专栏
10-31 1070
“Long-haul” is an important testing technique aiming to simulate product usage over an extended period of time. Such kind of testing is necessary because some difficult bugs in software may get caught
WebSphere Application Server中的高级认证
cuxiong8996的博客
07-02 2435
摘自IBM WebSphere开发者技术期刊 。 过去,IBM WebSphere Application Server具有严格的身份验证模型,使其难以支持复杂或异常的需求。 最近,通过基于Java身份验证和授权服务(JAAS)的新的,高度可定制的身份验证框架解决了这种情况,该框架扩展了一些功能,这些功能专门解决了在分布式应用程序服务器环境中管理用户真实性和特权的要求。 为WebSph...
转:Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
weixin_30378311的博客
03-09 289
转:https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript by Ivan...
On the dangers of stochastic parrots Can LM
05-23
》这篇论文中,作者Emily M. Bender、Timnit Gebru、Angelina McMillan-Major和Shmargaret Shmitchell提出疑问:规模的无限扩大真的是好事吗?这项技术可能带来的风险是什么?如何缓解这些风险? 论文首先探讨了...
Digital Dangers project 数字危险项目.doc
03-31
Digital Dangers project 数字危险项目.doc
数字化的安全影响数据殖民主义的危险以及实现环境数据可持续和主权管理的途径_Security implications of di
02-01
数字化的安全影响数据殖民主义的危险以及实现环境数据可持续和主权管理的途径_Security implications of digitalization The dangers of data colonialism and the way towards sustainable and sovereign ...
chromedriver-mac-arm64_126.0.6474.0.zip
07-31
chromedriver-mac-arm64_126.0.6474.0.zip
chromedriver-mac-arm64_128.0.6548.0.zip
07-31
chromedriver-mac-arm64_128.0.6548.0.zip
MySQL查询加速器:利用Query Cache提升效率
07-31
MySQL是一个流行的开源关系型数据库管理系统(RDBMS),广泛用于Web应用程序的后端数据存储。它基于结构化查询语言(SQL)来管理数据,并且是LAMP(Linux, Apache, MySQL, PHP/Python/Perl)技术栈的一部分,这个技术栈常用于构建动态网站和Web应用程序。 MySQL的特点包括: - **开放源代码**:MySQL的源代码是公开的,任何人都可以自由使用和修改。 - **跨平台**:MySQL可以在多种操作系统上运行,包括Linux、Windows、macOS等。 - **高性能**:MySQL以其快速的查询处理和良好的性能而闻名。 - **可靠性**:MySQL提供了多种机制来确保数据的完整性和可靠性,包括事务支持、备份和恢复功能。 - **易于使用**:MySQL提供了简单直观的界面和丰富的文档,便于用户学习和使用。 - **可扩展性**:MySQL支持从小型应用到大型企业级应用的扩展。 - **社区支持**:由于其广泛的使用,MySQL拥有一个活跃的开发者社区,提供大量的资源和支持。 MySQL被广泛应用于各种场景,包括在线事务处理(OL
Objective-C语言的基础教程.md
最新发布
07-31
Objective-C是一种面向对象的编程语言,是C语言的扩展。它主要用于苹果的iOS和macOS应用程序开发。
With the rapid development of China's economy, the per capita share of cars has rapidly increased, bringing great convenience to people's lives. However, with it came a huge number of traffic accidents. A statistical data from Europe shows that if a warning can be issued to drivers 0.5 seconds before an accident occurs, 70% of traffic accidents can be avoided. Therefore, it is particularly important to promptly remind drivers of potential dangers to prevent traffic accidents from occurring. The purpose of this question is to construct a machine vision based driving assistance system based on machine vision, providing driving assistance for drivers during daytime driving. The main function of the system is to achieve visual recognition of pedestrians and traffic signs, estimate the distance from the vehicle in front, and issue a warning to the driver when needed. This driving assistance system can effectively reduce the probability of traffic accidents and ensure the safety of drivers' lives and property. The main research content of this article includes the following aspects: 1. Implement object detection based on the YOLOv5 model. Conduct research on convolutional neural networks and YOLOv5 algorithm, and develop an object detection algorithm based on YOLO5. Detect the algorithm through road images, and analyze the target detection algorithm based on the data returned after training. 2. Estimate the distance from the front vehicle based on a monocular camera. Study the principle of estimating distance with a monocular camera, combined with parameters fed back by object detection algorithms, to achieve distance estimation for vehicles ahead. Finally, the distance estimation function was tested and the error in the system's distance estimation was analyzed. 3. Design and implementation of a driving assistance system. Based on the results of two parts: target detection and distance estimation, an intelligent driving assistance system is constructed. The system is tested through actual road images, and the operational effectiveness of the intelligent driving assistance system is analyzed. Finally, the driving assistance system is analyzed and summarized.
06-03
我检查了一下,这段文字没有...在第四句话中,“promptly remind drivers of potential dangers”应该为“promptly warn drivers of potential dangers”。总的来说,这段文字需要一些润色和修改才能更加准确和流畅。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值