User by session ID in Devise authentication from background thread

Question

How to get an user or it's UserID by session ID (from cookie) when using Devise Authentication gem? I need to access this info from a background thread where session variable isn't accessible.

Long explanation:

I have two ports open on web server: one is for normal HTTP communication, other is for Web Sockets, for instant server-to-browser communication. Currently I initialize socket with

var UserID = <%= current_user.id %>

but consider this way to be insecure. Every authenticated user can replace user ID and receive messages intended for other user.

So I think that SessionID stored in cookie is much harder to guess and it could be extracted by JavaScript in some way and passed through Web Socket during initialization.

The task is to convert SessionID to UserID on server side.

Is sessionID storage accessible as a whole through some Devise methods?

score 1 · Answer 1 · edited May 23 '17 at 12:13

1

A devise session is stored as warden user key. You can find the user ID by devise session key. Try User.find(session["warden.user.user.key"][1][0]) Refer to this link for more details.

edited May 23 '17 at 12:13

Community

1
1

answered Aug 27 '14 at 07:09

noman tayyab

355
3
14

It turned out that I can't access `session` variable from background thread. – Paul Aug 27 '14 at 14:36

User by session ID in Devise authentication from background thread

1 Answers1