Persisting Session Data When Cookies Are Disabled

is this possible? i’m serving a rails app into an iframe and i’m testing
in
chrome with “block third-party cookies” selected because it’s not safe
to
assume that third-party cookies won’t be blocked. iframes are treated as
third parties so i need the app to function independently of cookies.
i’ve
done a boatload of googling an fiddling already, and it seems that even
if
you change “.config.session_store :cookie_store” to active_record_store
or
mem_cache_store (plus the additional configuration/gems those entail),
the
persistence of session data is STILL dependent on the availability of
cookies, which is kind of a fake out with regards to the name of that
config.

at this point i have resorted to running memcached putting this:

  • def write(k,v)*
    Rails.cache.write(request.remote_ip.gsub(’.’, ‘’)+k,v)

  • end*

  • def read(k)*
    Rails.cache.read(request.remote_ip.gsub(’.’, ‘’)+k)

  • end*

in my application_controller and using it as i would “session[:foo] =
bar”
or “session[:foo]”. it works, but i don’t feel great about it due to the
nature of IP addresses. is there a better way to accomplish this?

On Friday, December 6, 2013 3:36:28 AM UTC, Fred Guest wrote:

config.

Yes - a cookie is used to record which database row / memcache key to
use.
The name of the store implies where the actual session data is stored.

in my application_controller and using it as i would “session[:foo] = bar”
or “session[:foo]”. it works, but i don’t feel great about it due to the
nature of IP addresses. is there a better way to accomplish this?

Is it an option for you to pass a session id in the url? Unideal too,
but
perhaps less unideal than what you currently have. I think this used to
be
something rails supported, but I seem to remember it getting removed, so
you might have to hack that back in.

Fred

thanks my friend, Freds gotta stick together. yes it seems Rails does
not
want session ids in urls at
all
http://guides.rubyonrails.org/action_controller_overview.html#session
the other option is to pass around resource ids in urls, it just gets
messy. this feels like something a framework should provide a default
solution for but i guess not.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs