Sharing Rails sessions with PHP, ColdFusion, and more!

Sometimes it does not make sense to store session within a cookie. It might be a size issue, or it could be sensitive information you do not want to go across the wire with each request. Whatever the reason, another option is to database the session information. Luckily rails makes it really easy to do this via active record store.

Active record store

To start databasing our sessions, we need to setup rails to use the active record store. To enable active record store we need to edit the config/initializers/session_store.rb file. We need to comment out the cookie store option and add the active record store option.

Creating the database

Next step is to create the session database table. To do that we will run the following commands…

Session data

When you create the session each created session will be entered as a record in the database. There will be id, session_id, data, created_at, and updated_at columns. The session_id will stored in a cookie and be used to retrieve the data column which contains the databased session information. The data column will store the information as a base64 encoded string. Like so.

Which can be marshaled to a ruby object upon request.

Making rails share

This works pretty well for storing sessions in rails. However, there is a problem. Ruby is using it’s internal marshaler when storing the session information. This means that any other language, such as php, coldfusion, etc cannot decode the data unless you write the marshaler :(

There may however, be a way around this. What if we could override rails and tell it to save the data as base64 encoded JSON instead of marshaling it? Every other language could then decode base64 strings and serialize them from JSON to native objects.

If we again edit our session_store.rb file, we can override some internal rails methods when handling sessions. Below we are overriding base the SessionStore class.

If you notice we are only overriding the marshal and unmarshal methods to preform a JSON.encode and JSON.decode instead of the traditional Marshal.load and Marshal.dump.

We can then easily read this information out in another language.


  • Like this. I came up with something similar recently although my goal was to allow a Rails app to access a PHP session store with minimal changes on the PHP side. Someone might find it useful:

  • I am fairly new to Rails, but I need to do exactly what you are describing here (share a session between Rails and another app). My other app is a Node.js app, so saving the session in JSON is perfect.

    However, after replacing table_name, session_id_column and data_column_name with my own db info, and plugging this into /config/initializers/session_store.rb (above the statement that says active_record_store should be used), I got this error:

    undefined method `sweep’ for [[“notice”, “Please login or sign up to access this page”]]:Array

    I assume this is because the rest of the app no longer knows how to read the session data since I’ve changed the way it’s encoded. But I may be wrong. How can I fix this?

    • I don’t think that it is an encoding issue. Sometimes a sweep method is defined on the Session.rb model to periodically sweep the sessions table and delete old entries. Without seeing more of the code it is hard to know exactly what is happening, but it seems like a sweep being executed on an array object instead of the model.

      Here is more info on sweep ( in the “Session Expiry” section)

      • Thanks JK. The problem seems to be with the Rails FlashHash. The “sweep” method it’s referring to is being called on the FlashHash object, I assume to sweep out old flash messages before populating a new one. This makes sense because the error only appears when a Flash message is triggered, in this case when I try to access my profile without logging in, I get a Flash message telling me to log in.

        Do you know of a way to override the Flash object to use the new serialized session object from your JSON solution? I’m trying to fix this issue, it’s been driving me out of my mind. Thanks!

    • Sean this is since normally rails would marshal the flash object as a FlashHash and save it to the database session. The error is because the FlashHash object has other methods such as “sweep” on it, while your flash object coming back from JSON is just an enum with no other methods.

      • Suggestions on how to get around this? I’ve got the same problem.

        • def unmarshal(data)

          return nil unless data

          original = ActiveSupport::JSON.decode( ActiveSupport::Base64.decode64(data) )

          if original.has_key?(‘flash’)

          original[‘flash’] =[*original[‘flash’].flatten])




  • I’m sorry but I’m new to the ruby language choice and even more have 15 days Rails.Apenas learning. I do not know if you could give an example of use or run your implementation, you mention that you believe a cookie, but yet not create it on rails as much less as pass it to php.

    You could put some example of its use.

Leave a Reply

Your email address will not be published. Required fields are marked *