Ruby on Rails Sunday, December 30, 2012

It's not secure, session spoofing is a serious issue. I would encourage not going that route. 

It can be done in rails, needs a bit of work but sure. Ideally, you'll alias_method_chain url_for and read the session in a parent controller, like ApplicationController and initialize your current user and any other session information from that.

-- 
Dheeraj Kumar

On Monday 31 December 2012 at 12:52 PM, Rajesh KT wrote:

Shiv Narayan Gautam wrote in post #1090687:
Try passing it in the URL. Read more about URL rewriting in case of
disabled cookies.

It has some disadvantages.

--
Shiv

Can this be done in Ruby on Rails? I am aware that it works for JSP and
PHP.

--

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

No comments:

Post a Comment