Session Management


  1. Hypertext Transfer Protocol (HTTP) is stateless: a client computer running a web browser must establish a new Transmission Control Protocol (TCP) network connection to the web server with each new HTTP GET or POST request.

  2. The web server, therefore, cannot rely on an established TCP network connection for longer than a single HTTP GET or POST operation.

  3. Session management is the technique used by the web developer to make the stateless HTTP protocol support session state.

  4. For example, once a user has been authenticated to the web server, the user's next HTTP request (GET or POST) should not cause the web server to ask for the user's account and password again.

  5. The session information is stored on the web server using the session identifier generated as a result of the first (sometimes the first authenticated) request from the end user running a web browser.

  6. The "storage" of Session IDs and the associated session data (user name, account number, etc.) on the web server is accomplished using a variety of techniques including, but not limited to, local memory, flat files, and databases.

  7. A session token is a unique identifier that is generated and sent from a server to a client to identify the current interaction session.

  8. The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries. The reason to use session tokens is that the client only has to handle the identifier—all session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier.

Using Cookies for Session Management

  1. Allowing users to log into a website is a frequent use of cookies.
  2. A web server typically sends a cookie containing a unique session identifier.
  3. The web browser will send back that session identifier with each subsequent request, and related items are stored on the server associated with this unique session identifier.
  4. Typically the web server will first send a cookie containing a unique session identifier. Users then submit their credentials and the web application authenticates the session and allows the user access to services.
  5. Applications today usually store the gathered information in a database on the server side, rather than storing it in cookies.
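The flow in the list above, as an added example that is not part of the original page: a minimal server-side session store in Ruby. The browser only ever holds the session identifier; the user data lives in a Hash standing in for the server-side database the text mentions. The identifier regeneration on login is an addition of this example (a standard hardening step, not something the page describes), and SessionStore, its method names and the user name "alice" are constructed here.

```ruby
require 'securerandom'

# Added example, not the page's code: a server-side session store in which the
# cookie carries only an identifier and all session data stays on the server.
class SessionStore
  def initialize
    @sessions = {}   # session_id => session data (stands in for the database)
  end

  # Step 2 of the list: create an anonymous session and hand its id to the client.
  def create
    id = SecureRandom.hex(32)       # 256 bits from the OS CSPRNG, not guessable
    @sessions[id] = { 'user' => nil }
    id
  end

  # Step 3: look up the data for an identifier the browser sent back.
  # Unknown or forged identifiers simply map to nil.
  def lookup(id)
    @sessions[id]
  end

  # Step 4: after the credentials have been verified elsewhere, mark the session
  # as authenticated. The identifier is replaced at this point (an addition of
  # this example) so that the pre-login identifier stops working once the
  # session is privileged.
  def authenticate(old_id, user)
    data = @sessions.delete(old_id)
    return nil unless data
    new_id = SecureRandom.hex(32)
    @sessions[new_id] = data.merge('user' => user)
    new_id
  end

  # Logout: forget the session on the server; the cookie value becomes useless.
  def destroy(id)
    @sessions.delete(id)
  end
end

# Walk through the flow: anonymous session, login, authenticated request, logout.
def demo_flow
  store = SessionStore.new
  anon_id = store.create                          # cookie sent to the browser
  auth_id = store.authenticate(anon_id, 'alice')  # constructed user name
  user = store.lookup(auth_id)['user']            # authenticated request
  old_id_valid = !store.lookup(anon_id).nil?      # pre-login id no longer works
  store.destroy(auth_id)                          # logout
  { user: user, old_id_valid: old_id_valid, after_logout: store.lookup(auth_id) }
end
```

Because lookups go through the server-side Hash, a client can change the cookie value all it wants: an identifier that was never issued maps to nothing, and after logout the old identifier is gone as well.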


Rack::Session::Cookie provides a simple cookie-based session management system.

  1. The session is a cookie containing a hash serialized with Marshal and encoded in base64.
  2. By default the cookie is named rack.session, but the name can be changed with the :key attribute.
  3. Setting secret_key guarantees that the integrity of the cookie data is checked.
  4. To access the session from our program we use the hash env["rack.session"], or env["key-value"] if we have specified the :key attribute.

An example follows:

[~/local/src/ruby/sinatra/rack/rack-session-cookie(master)]$ cat 
require 'pp'
require './myapp'

# Cookie-based session middleware; :secret lets Rack check the cookie's integrity
use Rack::Session::Cookie,
      :key => 'rack.session',
      :domain => '',
      :secret => 'some_secret'

run MyApp.new


[~/local/src/ruby/sinatra/rack/rack-session-cookie(master)]$ cat myapp.rb 
class MyApp

  # Keep the Rack env and the session hash that Rack::Session::Cookie put in it
  def set_env(env)
    @env = env
    @session = env['rack.session']
  end

  # Current counter value; initialized to 0 on the first visit
  def some_key 
    return @session['some_key'].to_i if @session['some_key']
    @session['some_key'] = 0
  end

  def some_key=(value)
    @session['some_key'] = value
  end

  def call(env)
    set_env(env)
    res = Rack::Response.new
    req = Rack::Request.new(env)

    # Every visit to "/" increments the per-session counter
    self.some_key = self.some_key + 1 if req.path == '/'

    res.write("some_key = #{@session['some_key']}\n")
    res.finish
  end
end


Let's test it by connecting to . To do so, we edit /etc/hosts so that localhost points to

[~/local/src/ruby/sinatra/rack/rack-session-cookie(master)]$ cat /etc/hosts
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
## localhost

We start the server:

[~/local/src/ruby/sinatra/rack/rack-session-cookie(master)]$ rackup 
>> Thin web server (v1.5.1 codename Straight Razor)
>> Maximum connections set to 1024
>> Listening on, CTRL+C to stop

And we visit with our browser:

Casiano Rodriguez León 2015-01-07