Ruby on Rails Monday, December 31, 2012

you can send encrypted session id for that 

your url should be like /users?session_id='dasdadasdas2313124213213_session_application" with encrypted session id

now after getting request you have to decrypt the session 
use base64 for it

On Mon, Dec 31, 2012 at 1:15 PM, Rajesh KT <lists@ruby-forum.com> wrote:
Dheeraj Kumar wrote in post #1090690:
> It's not secure, session spoofing is a serious issue. I would encourage
> not going that route.
>
> It can be done in rails, needs a bit of work but sure. Ideally, you'll
> alias_method_chain url_for and read the session in a parent controller,
> like ApplicationController and initialize your current user and any
> other session information from that.
>
> --
> Dheeraj Kumar

Please suggest which route to follow, in order to make application work
even though cookies are disabled in the browser.

Thanks in advance for any help in this line.

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

No comments:

Post a Comment