Rails Session: How it works?

Hello All,

I would need someone to explain to me how Rails session works? I need
all the options available and tricks (if any).

Regards,
Emeka

It’s pretty tough to answer such a vague question. What about the Guide
didn’t help you? Securing Rails Applications — Ruby on Rails Guides

Hello Jim,

Thanks for that link. However, I would want to know how it is
accomplished? Is it cookie based? And which algorithm is used to
generate the random object?

Emeka

On Mon, May 23, 2011 at 7:42 AM, Jim T. [email protected] wrote:

You received this message because you are subscribed to the Google G.
“Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.


*Satajanus Nig. Ltd

On 23 May 2011, at 09:16, Emeka wrote:

> Thanks for that link. However, I would want to know how it is
> accomplished? is it cookie based? And which algorithm is used to
> generate the random object?

Yes, a session is cookie-based.

If you want to find out every single little detail, just read the
Rails codebase. That’s the great thing about opensource, isn’t it?

Best regards

Peter De Berdt

Thanks so much.

However, I am using the so-called cookieStore.

session[:user_id] = user.id

Will this be saved at the client? Will the client see the user.id?

What is saved at the client? And how does the server relate to that?

Emeka
On Mon, May 23, 2011 at 9:03 AM, Peter De Berdt [email protected] wrote:


On 23 May 2011 10:15, Emeka [email protected] wrote:

> However, I am using the so-called cookieStore.
> session[:user_id] = user.id
> Will this be saved at the client? Will the client see the user.id?
>
> What is saved at the client? And how does the server relate to that?

These questions are all answered in the first few paragraphs of the
‘Session’ section of ‘Action Controller Overview’ guide:

and there is more detail along with security recommendations in the
Security Guide:

Chris
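
The CookieStore questions in this thread, worked through as an added example (not code from the thread or from Rails): a model of the signed but unencrypted session cookie that the Rails guides of that period describe, where the client can read `user_id` but cannot alter it undetected. The secret, the helper names and the use of JSON in place of Marshal are assumptions of this example.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed sample secret; a real application keeps its own long random value server-side.
SECRET = "constructed-example-secret-0123456789abcdef"
# HMAC digest used by this model (assumption: SHA1, the signing default of Rails in that era).
DIGEST = "SHA1"

# Server side: serialize the session hash and append an HMAC over the encoded data.
def sign_session(session, secret)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(DIGEST), secret, data)}"
end

# Client side: no secret is needed to read the payload, it is only Base64-encoded.
def read_without_secret(cookie)
  data, _digest = cookie.split("--", 2)
  JSON.parse(Base64.strict_decode64(data))
end

# Constant-time comparison so the check does not reveal how many leading bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side on the next request: recompute the digest, reject anything that differs.
def verify_session(cookie, secret)
  data, digest = cookie.to_s.split("--", 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(DIGEST), secret, data)
  return nil unless secure_compare(digest, expected)
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

cookie = sign_session({ "user_id" => 42 }, SECRET)
# An edited payload paired with the old digest no longer verifies.
forged_data = Base64.strict_encode64(JSON.generate({ "user_id" => 1 }))
forged = "#{forged_data}--#{cookie.split('--', 2).last}"

puts "cookie value:        #{cookie}"
puts "readable by client:  #{read_without_secret(cookie)}"
puts "server accepts:      #{verify_session(cookie, SECRET).inspect}"
puts "server on tampering: #{verify_session(forged, SECRET).inspect}"
```

Because the payload is readable by whoever holds the cookie, anything that must stay confidential belongs on the server rather than in a cookie of this form.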

Thank you all.

Emeka

On Mon, May 23, 2011 at 10:28 AM, Chris M. [email protected] wrote:

Action Controller Overview — Ruby on Rails Guides