Hi all,
I would like to know how safe it is to use session variables like
session[:name]=something? Can it be tampered with by the user or somebody?
Can we have it in methods in application.rb and application_helper.rb
for some validation, and how safe is that too? I’ve different types of
users for whom views are also different, so I was thinking of setting
them by session vars. Is there any other better way? Any help is greatly
appreciated. Thanks in advance.
-Dhaval
On 23 Jun 2008, at 12:47, Dhaval P. wrote:
depends to the session store to an extent. With the cookie store the
entire session is stored as a cookie (and signed with a cryptographic
hash), so tampering with it is hard. Users can with fairly minimal
effort read what is in the session.
Fred
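Fred's point above, as an added example that is not part of the original thread and not Rails' own code: a simplified signed-cookie session showing that whoever holds the cookie can read its contents, while a modified payload fails verification on the server. The JSON payload, HMAC-SHA256, the secret and all method names are assumptions made for the illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed secret for this example; it never leaves the server.
SECRET = "constructed-example-secret"

# HMAC over the encoded payload, keyed with the server-side secret.
def digest(data, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, data)
end

# Cookie value: "<base64 payload>--<hmac>". The payload is encoded, not encrypted.
def write_cookie(session, secret = SECRET)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{digest(data, secret)}"
end

# What any holder of the cookie can do without the secret: decode the payload.
def peek(cookie)
  JSON.parse(Base64.strict_decode64(cookie.split("--", 2).first))
end

# Constant-time string comparison, so the check does not leak a partial match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: return the session only if the signature matches, else nil.
def read_cookie(cookie, secret = SECRET)
  data, sig = cookie.to_s.split("--", 2)
  return nil if data.nil? || sig.nil?
  return nil unless secure_equal?(sig, digest(data, secret))
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# Constructed test input: payload changed client-side, original signature kept.
def tampered(cookie, changes)
  forged = Base64.strict_encode64(JSON.generate(peek(cookie).merge(changes)))
  "#{forged}--#{cookie.split('--', 2).last}"
end
```

The practical consequence for the question asked: a role or user id kept in such a session cannot be silently changed by the user, but nothing confidential belongs in it.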
Hi Fred,
Thanks a lot for the reply :). I’m not using cookies so I think it should
be safe to use session vars then. One more thing I would like to know
from your reply is “depends to the session store to an extent”, can you
explain a bit more on this please? Do you mean the cookie or DB to store the
session details or anything else?
-Dhaval
On Jun 23, 1:38 pm, Dhaval P. <rails-mailing-l…@andreas-s.net> wrote:
I meant that if you are using the CookieStore (the default since Rails
2) then what I wrote applies; if not, it doesn’t, since session data is
stored somewhere on your server with all the other session stores.
Fred
Frederick C. wrote:
Thanks a lot Fred, that helped me a lot, everything’s much clearer now.
-Dhaval