I have a chunk of data that I need for the life of the session. I am going to use it for selects throughout my app.

Is the best place to keep this data in the session? Is the session easily spoofed or cracked? While viewing the data is not critical in itself, spoofing it could cause me massive headaches.

--
Posted via http://www.ruby-forum.com/.

If a user is messing with the session, then f*ck em. Not your issue. If the data is small the session will work.

~ Ben

On 4/27/06, Joe Cairns <joe.cairns@gmail.com> wrote:
> I have a chunk of data that I need for the life of the session. I am
> going to use it for selects throughout my app.
>
> Is the best place to keep this data in the session? Is the session
> easily spoofed or cracked? While viewing the data is not critical in
> itself, spoofing it could cause me massive headaches.
>
> --
> Posted via http://www.ruby-forum.com/.

--
Ben Reubenstein
benr@x-cr.com
http://www.benr75.com

Joe Cairns wrote:
> I have a chunk of data that I need for the life of the session. I am
> going to use it for selects throughout my app.
>
> Is the best place to keep this data in the session? Is the session
> easily spoofed or cracked? While viewing the data is not critical in
> itself, spoofing it could cause me massive headaches.

Unless you are doing something unusual, the session data is stored on your system, either in your file system, in your database, or perhaps in memory. The user cannot directly manipulate it. The user only has a cookie that contains the session_id. This session_id is 128 bits. Practically the only thing that a user could do is to delete their cookie, or to replace their cookie with the cookie from another user that they somehow managed to steal.

--
Ray
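
The server-side model described in the reply above, as an added example that is not part of the original thread and not Rails' own code. The class name, method names and sample data are hypothetical, and `SecureRandom` is an assumption standing in for however the framework generates its 128-bit id.

```ruby
require "securerandom"

# Minimal in-memory server-side session store (hypothetical, not Rails' own).
class ServerSideSessionStore
  ID_BYTES = 16 # 16 bytes = 128 bits, the session_id size mentioned above

  def initialize
    @sessions = {} # session_id => data; this hash never leaves the server
  end

  # Create a session and return the only value the browser ever receives.
  def create(data = {})
    id = SecureRandom.hex(ID_BYTES) # 32 hex characters from a CSPRNG
    @sessions[id] = data.dup
    id
  end

  # Look up the data for the id presented in the cookie.
  # Anything that is not a well-formed, known id gets no session at all.
  def fetch(cookie_value)
    return nil unless cookie_value.is_a?(String) &&
                      cookie_value.match?(/\A[0-9a-f]{32}\z/)
    @sessions[cookie_value]
  end
end

# Constructed sample data standing in for the "chunk of data" used in selects.
def demo
  store = ServerSideSessionStore.new
  alice = store.create(regions: %w[north south])
  bob   = store.create(regions: %w[east])

  # The user edits one character of their own cookie.
  tampered = alice.dup
  tampered[-1] = (tampered[-1] == "0" ? "1" : "0")

  {
    id_bits:  alice.length * 4,             # 32 hex chars * 4 bits
    own:      store.fetch(alice),           # the user's own data
    tampered: store.fetch(tampered),        # unknown id, so no session
    injected: store.fetch("regions=admin"), # data placed in the cookie is ignored
    stolen:   store.fetch(bob)              # a stolen valid id is accepted
  }
end
```

The `stolen` case is the one to defend: the id is the whole credential, so it should only travel over TLS in a cookie marked `Secure` and `HttpOnly`, and be reissued at login.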