My requirement is to make a controller method to be able to accept
session id from cookie, if it is disabled/not available then from
request body.
This way I will return a session id from login request and use the same
session_id for any subsequent request body, if it’s not a browser
request.
Will this work?
Session is like an hash to store data with an application request.
It should work if you store a session while login like
session[:user]=“Myname_123”
it will renmain in the application until or unless you make it nil
session[:user]=nil
it is versy simple in consept
now session id it is identification of an particular session
and browser you know I use session in android emulator
now your turn
Rajarshi wrote in post #1090682:
Session is like an hash to store data with an application request.
It should work if you store a session while login like
session[:user]=“Myname_123”
it will renmain in the application until or unless you make it nil
session[:user]=nilit is versy simple in consept
now session id it is identification of an particular session
and browser you know I use session in android emulator
now your turn
Thanks Rajarshi for your reply!
But that’s not my question is - let me put in other way:
If I am using sessionstore, the _session_id has to be passed through
browser cookie. Now, If I disable cookie in the browser the entire
system doesn’t work. So, what is the other alternative I can pass the
session id through? if cookie is disabled.
Tried passing as request parameter, but that doesn’t work. Any
suggestion plese?
you can use many option
many others
Rajarshi wrote in post #1090684:
you can use many option
- memcache to store session in server
2.Activerecord to store session id in database so no need of your
browsermany others
I am using Activerecord only to store the session, but in some way
client has to send that session ID to server to retrieve the logged-in
session data, otherwise each time server will create a new session ID.
Right?
Try passing it in the URL. Read more about URL rewriting in case of
disabled cookies.
It has some disadvantages.
–
Shiv
You cannot use sessions without cookies enabled.
That said, you might remember what PHP does with the PHPSESSIONID
parameter appended to all URLs rendered in the page. You might want to
do something similar.
–
Dheeraj K.
Shiv Narayan G. wrote in post #1090687:
Try passing it in the URL. Read more about URL rewriting in case of
disabled cookies.It has some disadvantages.
http://www.javapractices.com/topic/TopicAction.do?Id=226–
Shiv
Can this be done in Ruby on Rails? I am aware that it works for JSP and
PHP.
Dheeraj K. wrote in post #1090690:
It’s not secure, session spoofing is a serious issue. I would encourage
not going that route.It can be done in rails, needs a bit of work but sure. Ideally, you’ll
alias_method_chain url_for and read the session in a parent controller,
like ApplicationController and initialize your current user and any
other session information from that.–
Dheeraj K.
Please suggest which route to follow, in order to make application work
even though cookies are disabled in the browser.
Thanks in advance for any help in this line.
you can send encrypted session id for that
your url should be like
/users?session_id='dasdadasdas2313124213213_session_application" with
encrypted session id
now after getting request you have to decrypt the session
use base64 for it
It’s not secure, session spoofing is a serious issue. I would encourage
not going that route.
It can be done in rails, needs a bit of work but sure. Ideally, you’ll
alias_method_chain url_for and read the session in a parent controller,
like ApplicationController and initialize your current user and any
other session information from that.
–
Dheeraj K.
I just said what you need. chain the url_for method to add session id to
the parameters, and read the session id in your application controller,
look it up in your session store, active record or memcache, then load
whatever information you want from the database.
–
Dheeraj K.
Dheeraj K. wrote in post #1090693:
I just said what you need. chain the url_for method to add session id to
the parameters, and read the session id in your application controller,
look it up in your session store, active record or memcache, then load
whatever information you want from the database.–
Dheeraj K.
Thanks Dheeraj. Truly appreciate if you can point me to some code
examples for this.
Thanks
url_for(:controller => “name of the controller”, :action => “name pf the
aciont”, :session => params[:value])
or
users_url(:session => params[:value])
it will create a dybnamic url like
/users?session=“sdsadsadasdas213213213”
and in params[:value] you have to encrypt the session id what you get
from
database
or encode64(params[:value])
now while it i s hitting it will send the request in that reuqest you
have
to parse it by decode64() and match the session id
Instead of adding a session parameter to every url_for call, alias
method chain it. any url helper calls url_for anyway, so you’re good.
Make sure the encryption is good with the session id, and don’t use weak
ones like base64, they make session spoofing so much easier.
–
Dheeraj K.
yes I know
Btw, I am using rails 3.0.5.
Dheeraj K. wrote in post #1090702:
Instead of adding a session parameter to every url_for call, alias
method chain it. any url helper calls url_for anyway, so you’re good.Make sure the encryption is good with the session id, and don’t use weak
ones like base64, they make session spoofing so much easier.–
Dheeraj K.
Are you referring this way:
http://brantinteractive.com/2008/05/13/cookieless-sessions-in-rails/
When I try below code in my application controller, it gives an error
saying - undefined method `session_id’ for
#<ActionDispatch::Session::AbstractStore::SessionHash:0x13423c80>
def default_url_options(options)
cookies[:_session_id] ||= { :value => ‘true’, :expires =>
10.seconds.from_now }
{ :_session_id => (request.xhr? ? params[:_session_id] :
session.session_id) } unless cookies[:_session_id]
end
Am I missing something here?
Dheeraj K. wrote in post #1090761:
replace session.session_id it with session[:session_id]
I don’t think it’s a hash with indifferent access.
–
Dheeraj K.
No, it doesn’t work, it creates a new session id even if I pass a logged
in session ID though URL.
Console log says;
::: Checking session expiry
::: Initializing session expiry. Expires at 2013-01-02 01:30:41 +0530
Redirected to http://localhost:3000/
replace session.session_id it with session[:session_id]
I don’t think it’s a hash with indifferent access.
–
Dheeraj K.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs