How to handle session with external input?

Hi,

I hope I chose the right title for the question. I am doing a time
tracking app for our intranet. Because the people tend to forget to
save their hours, we made a small desktop app with adobe air that pops
up where you can enter your hours, the hours should be posted to the
hours controller of the rails app.

When we post the data to /hours/new we get redirected to the login
page, because we are not logged in.
Question is can a session exist outside of the application, or does
session return anything that we could send with each post data to
confirm that the user is logged in?

which route you guys would go in order to solve this problem?
many thanks in advance…

frank blizzard

Thanks Bryan,

sure this wouldn’t be a problem.
But isn’t a session connected to the browser in some way.
I think I dont understand the whole session, authenticity, forgery
topic in rails yet.
You think I can login the user once from the Air app and after the
server will accept post requests, or do I need to pass back the
session data from the server (session_id, token) and send it then with
each request back from the Air app?

Thomas

On Mon, Apr 18, 2011 at 4:48 AM, frankblizzard
[email protected]wrote:

Question is can a session exist outside of the application, or does
session return anything that we could send with each post data to
confirm that the user is logged in?

which route you guys would go in order to solve this problem?
many thanks in advance…

I would suggest coding your Adobe Air application to login into your
rails
app before trying to add the hours. If you have the users
login/password,
whether provided by the user or stored by them in your Air app, then it
should not be too much of an issue to send them over to your login
controller and log the user in.

B.

On Tue, Apr 19, 2011 at 4:19 PM, frankblizzard
[email protected]wrote:

Thanks Bryan,

sure this wouldn’t be a problem.
But isn’t a session connected to the browser in some way.
I think I dont understand the whole session, authenticity, forgery
topic in rails yet.

It uses cookies to store the session information. You would need to pass
that cookie info back on requests. You can learn more about it here:

http://guides.rubyonrails.org/security.html

You think I can login the user once from the Air app and after the
server will accept post requests, or do I need to pass back the
session data from the server (session_id, token) and send it then with
each request back from the Air app?

You may want to look into the plugin WebORB. It allows for flex
applications
to connect to Rails and us your classes like web services.

http://www.themidnightcoders.com/products/weborb-for-rails/overview.html

You also definitely want to check out the site flexonrails.com. They
have a
series of Air apps that they connected to Rails for a demo at
RailsCon2008
and all the source is on their site.

http://flexonrails.com/

B.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs