Why can't I changed the _session_id cookie?


#1

Hi,

I noticed that there is a cookie set by my rails scaffold that contains
a 32 character hash code in it, but when I tried to change its value
using Cookies[:_session_id], nothing happened, it stays the same!

How am I supposed to change the session_id?

Thanks.


#2

Woei S. wrote:

Hi,

I noticed that there is a cookie set by my rails scaffold that contains
a 32 character hash code in it, but when I tried to change its value
using Cookies[:_session_id], nothing happened, it stays the same!

How am I supposed to change the session_id?

Thanks.

I’ve noticed this too :confused:

What is it you want to achieve? I spent a lot of time trying to wrap
sessions in a separate permanent cookie because I had gotten the
impression that there was no way of having Rails make the session cookie
itself permanent. However, I eventually found that Rails can do this:
http://wiki.rubyonrails.com/rails/pages/HowtoChangeSessionOptions
(“changing session duration”).


#3

Henrik wrote:

I’ve noticed this too :confused:

What is it you want to achieve? I spent a lot of time trying to wrap
sessions in a separate permanent cookie because I had gotten the
impression that there was no way of having Rails make the session cookie
itself permanent. However, I eventually found that Rails can do this:
http://wiki.rubyonrails.com/rails/pages/HowtoChangeSessionOptions
(“changing session duration”).

What I was trying to do is to have each login generate a new session,
because strictly speaking, if someone “steals” the cookie from a logged
in browser and copies it elsewhere, he may be able to gain access to
priviledged information too.

Not too sure how that’d pan out :expressionless: