Forum: Ruby on Rails Noob Design Question

Joe Cairns (diregnome)
on 2006-04-27 17:09
I have a chunk of data that I need for the life of the session.  I am
going to use it for selects throughout my app.

Is the best place to keep this data in the session?  Is the session
easily spoofed or cracked?  While viewing the data is not critical in
itself, spoofing it could cause me massive headaches.
Ben Reubenstein (Guest)
on 2006-04-27 22:22
(Received via mailing list)
If a user is messing with the session, then f*ck em.  Not your issue.
If the data is small the session will work.

~ Ben


--
Ben Reubenstein
benr@x-cr.com
http://www.benr75.com
Ray Baxter (Guest)
on 2006-04-27 23:17
(Received via mailing list)
Joe Cairns wrote:

> I have a chunk of data that I need for the life of the session.  I am
> going to use it for selects throughout my app.
>
> Is the best place to keep this data in the session?  Is the session
> easily spoofed or cracked?  While viewing the data is not critical in
> itself, spoofing it could cause me massive headaches.

Unless you are doing something unusual, the session data is stored on
your system either in your file system, in your database, or perhaps in
memory. The user cannot directly manipulate it.

The user only has a cookie that contains the session_id. This session_id
is 128 bits. Practically the only thing that a user could do is delete
their cookie, or replace their cookie with the cookie from another
user that they somehow managed to steal.

--

Ray
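
Added example, not part of the original thread: a constructed Ruby model of the server-side session store described in the post above, where the cookie carries only a random 128-bit id and the data stays on the server. The names `SessionStore`, `lookup`, `rotate` and `demo` are hypothetical, and this is not Rails' own session implementation.

```ruby
require 'securerandom'

# Constructed model: the browser holds only the id; data never leaves the server.
class SessionStore
  ID_FORMAT = /\A\h{32}\z/ # 32 hex characters = 128 bits

  def initialize
    @sessions = {}
  end

  # Create a session and return the value that would be placed in the cookie.
  def create(data = {})
    id = SecureRandom.hex(16)
    @sessions[id] = data.dup
    id
  end

  # Return the session data for a cookie value, or nil if unknown or malformed.
  def lookup(cookie_value)
    return nil unless cookie_value.is_a?(String) && cookie_value.match?(ID_FORMAT)
    @sessions[cookie_value]
  end

  # Issue a fresh id for the same data (for example after login) and retire
  # the old one, so a previously captured cookie value stops working.
  def rotate(old_id)
    data = @sessions.delete(old_id)
    return nil unless data
    new_id = SecureRandom.hex(16)
    @sessions[new_id] = data
    new_id
  end
end

def demo
  store = SessionStore.new
  issued = store.create({ region_ids: [1, 2, 3] }) # constructed sample data
  unissued = SecureRandom.hex(16)                  # id the server never handed out
  edited = issued + '; region_ids=[99]'            # cookie value altered client-side
  fresh = store.rotate(issued)
  {
    unissued: store.lookup(unissued),
    edited: store.lookup(edited),
    old_after_rotate: store.lookup(issued),
    data_after_rotate: store.lookup(fresh)
  }
end
```

Editing the cookie cannot change the stored data; it can only fail to match a session. The remaining exposure is a copied id, which rotation and transport protection for the cookie address.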