Monday, December 31, 2012
you can send encrypted session id for that
now after getting request you have to decrypt the session
use base64 for it
-- On Mon, Dec 31, 2012 at 1:15 PM, Rajesh KT <lists@ruby-forum.com> wrote:
Dheeraj Kumar wrote in post #1090690:
> It's not secure, session spoofing is a serious issue. I would encouragePlease suggest which route to follow, in order to make application work
> not going that route.
>
> It can be done in rails, needs a bit of work but sure. Ideally, you'll
> alias_method_chain url_for and read the session in a parent controller,
> like ApplicationController and initialize your current user and any
> other session information from that.
>
> --
> Dheeraj Kumar
even though cookies are disabled in the browser.
Thanks in advance for any help in this line.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment