Forum: Ruby on Rails Why can't I changed the _session_id cookie?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Woei S. (Guest)
on 2006-01-14 02:03
Hi,

I noticed that there is a cookie set by my rails scaffold that contains
a 32 character hash code in it, but when I tried to change its value
using Cookies[:_session_id], nothing happened, it stays the same!

How am I supposed to change the session_id?

Thanks.
Henrik (Guest)
on 2006-01-15 12:27
Woei S. wrote:
> Hi,
>
> I noticed that there is a cookie set by my rails scaffold that contains
> a 32 character hash code in it, but when I tried to change its value
> using Cookies[:_session_id], nothing happened, it stays the same!
>
> How am I supposed to change the session_id?
>
> Thanks.

I've noticed this too :/

What is it you want to achieve? I spent a lot of time trying to wrap
sessions in a separate permanent cookie because I had gotten the
impression that there was no way of having Rails make the session cookie
itself permanent. However, I eventually found that Rails _can_ do this:
http://wiki.rubyonrails.com/rails/pages/HowtoChang...
("changing session duration").
Woei S. (Guest)
on 2006-01-17 02:29
Henrik wrote:
> I've noticed this too :/
>
> What is it you want to achieve? I spent a lot of time trying to wrap
> sessions in a separate permanent cookie because I had gotten the
> impression that there was no way of having Rails make the session cookie
> itself permanent. However, I eventually found that Rails _can_ do this:
> http://wiki.rubyonrails.com/rails/pages/HowtoChang...
> ("changing session duration").

What I was trying to do is to have each login generate a new session,
because strictly speaking, if someone "steals" the cookie from a logged
in browser and copies it elsewhere, he may be able to gain access to
priviledged information too.

Not too sure how that'd pan out :|
This topic is locked and can not be replied to.