Hello,
I have an old, huge, awful 1.2.3 rails application. I can''t upgrade it
and I must integrate it with a new 2.3.2 rails app, by sharing sessions.
I''ve tried a lot of things, dirty things indeed, but that
didn''t work.
Does anybody know a way to do this job?
Last thing I tried, unsuccessfully, was config 1.2.3 app this way:
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_key
=> ''_something_here'')
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_id
=>
''a0cd7a049e27f77c8ca73fd590552776e47de47e3c7a44638bd4ab8add7140c11edd892a4d9d019d643a068c88d1a30c72b544b453ccdd8774a17ac589112081c779f51834a567314b95a0cdda01fe977b16440b721f6fde71ce0130b70c5bf90d1066bdef4e5ec08dca457522b0b399cf4567603b377efb28f701fc78'')
And this in 2.3.2 app;
ActionController::Base.session = {
:key => ''_something_here'',
:secret =>
''a0cd7a049e27f77c8ca73fd590552776e47de47e3c7a44638bd4ab8add7140c11edd892a4d9d019d643a068c88d1a30c72b544b453ccdd8774a17ac589112081c779f51834a567314b95a0cdda01fe977b16440b721f6fde71ce0130b70c5bf90d1066bdef4e5ec08dca457522b0b399cf4567603b377efb28f701fc78''
}
Thanks in advance.
Marcia
--
Posted via http://www.ruby-forum.com/.
Best of luck getting this to work - I don''t think the two mechanisms are directly compatible. It may actually be *less* painful to set up something like RubyCAS to do the signon. BTW: 1.2.3 has a number of known security holes, including some issues with possible session fixation attacks. You may want to at least try to upgrade to a higher version in the 1.2.x series. --Matt Jones On Jul 14, 9:06 am, Marcia Almeida <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Hello, > > I have an old, huge, awful 1.2.3 rails application. I can''t upgrade it > and I must integrate it with a new 2.3.2 rails app, by sharing sessions. > I''ve tried a lot of things, dirty things indeed, but that didn''t work. > Does anybody know a way to do this job? > > Last thing I tried, unsuccessfully, was config 1.2.3 app this way: > > ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_key > => ''_something_here'') > ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update(:session_id > => > ''a0cd7a049e27f77c8ca73fd590552776e47de47e3c7a44638bd4ab8add7140c11edd892a4d 9d019d643a068c88d1a30c72b544b453ccdd8774a17ac589112081c779f51834a567314b95a 0cdda01fe977b16440b721f6fde71ce0130b70c5bf90d1066bdef4e5ec08dca457522b0b399 cf4567603b377efb28f701fc78'') > > And this in 2.3.2 app; > > ActionController::Base.session = { > :key => ''_something_here'', > :secret => > ''a0cd7a049e27f77c8ca73fd590552776e47de47e3c7a44638bd4ab8add7140c11edd892a4d 9d019d643a068c88d1a30c72b544b453ccdd8774a17ac589112081c779f51834a567314b95a 0cdda01fe977b16440b721f6fde71ce0130b70c5bf90d1066bdef4e5ec08dca457522b0b399 cf4567603b377efb28f701fc78'' > > } > > Thanks in advance. > > Marcia > -- > Posted viahttp://www.ruby-forum.com/.
Thanks, Matt. I''ll do that. Matt Jones wrote:> Best of luck getting this to work - I don''t think the two mechanisms > are directly compatible. It may actually be *less* painful to set up > something like RubyCAS to do the signon. > > BTW: 1.2.3 has a number of known security holes, including some issues > with possible session fixation attacks. You may want to at least try > to upgrade to a higher version in the 1.2.x series. > > --Matt Jones > > On Jul 14, 9:06�am, Marcia Almeida <rails-mailing-l...@andreas-s.net>-- Posted via http://www.ruby-forum.com/.