We''re building a "click to watch" movie site right now in which I''ve built a custom view (and route) that sends an ASF (a Microsoft XML descriptor) file to the client which in turn redirects the client''s Windows Media Player to the correct streaming media server IP address and filename so that they can watch the movie. This works fine as long as my custom view (called "play") does not reference the @session hash. In the "play" method of my controller, however, if I so much as check the @session hash to see if the user is logged in, apparently Rails automatically sends a "Set-Cookie" header in the response. Under any other circumstance, this is probably a desirable thing; however, in this case, if the Set-Cookie header is sent, Windows Media Player believes that the ASF file it just downloaded is corrupted in some way, and refuses to play the movie. How can I prevent the Set-Cookie header from being sent under all circumstances, just for this particular action? Thank-you, Duane Johnson (canadaduane)
On Jun 3, 2005, at 11:19 AM, Duane Johnson wrote:> We''re building a "click to watch" movie site right now in which > I''ve built a custom view (and route) that sends an ASF (a Microsoft > XML descriptor) file to the client which in turn redirects the > client''s Windows Media Player to the correct streaming media server > IP address and filename so that they can watch the movie. This > works fine as long as my custom view (called "play") does not > reference the @session hash. > > In the "play" method of my controller, however, if I so much as > check the @session hash to see if the user is logged in, apparently > Rails automatically sends a "Set-Cookie" header in the response. > Under any other circumstance, this is probably a desirable thing; > however, in this case, if the Set-Cookie header is sent, Windows > Media Player believes that the ASF file it just downloaded is > corrupted in some way, and refuses to play the movie. > > How can I prevent the Set-Cookie header from being sent under all > circumstances, just for this particular action?Can you call session.delete? Not sure that will help or not--just a thought. - Jamis
>> How can I prevent the Set-Cookie header from being sent under all >> circumstances, just for this particular action? >> > > Can you call session.delete? Not sure that will help or not--just a > thought.It doesn''t seem to help, but thanks for the suggestion. I followed the CGI code in action_controller/cgi_process.rb and found that the session is being created there by default (doesn''t look like there''s a variable I can set to tell it otherwise). Is there anyone familiar enough with this part of Rails that they could give me a tip in the right direction? Thanks, Duane Johnson (canadaduane) _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 6/3/05, Duane Johnson <duane.johnson-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > How can I prevent the Set-Cookie header from being sent under all > circumstances, just for this particular action? > > Can you call session.delete? Not sure that will help or not--just a thought. > It doesn''t seem to help, but thanks for the suggestion. I followed the CGI > code in action_controller/cgi_process.rb and found that the > session is being created there by default (doesn''t look like there''s a > variable I can set to tell it otherwise). Is there anyone familiar enough > with this part of Rails that they could give me a tip in the right > direction?It appears that cookies are sent via a method defined in actioncontroller/cookies.rb. Try overriding it in your controller: def set_cookie(options) end My guess is that now when rails calls set_cookie when executing that particular controller, nothing will happen.
On 6/3/05, Duane Johnson <duane.johnson-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > In the "play" method of my controller, however, if I so much as check > the @session hash to see if the user is logged in, apparently Rails > automatically sends a "Set-Cookie" header in the response....> How can I prevent the Set-Cookie header from being sent under all > circumstances, just for this particular action? >See http://dev.rubyonrails.com/ticket/1363 I''ve successfully used the method described in this ticket. Either apply the patch or add the new begin_session method, found in the patch file, to ActionController::Base (I do this in the environment.rb). An improved patch is almost complete, which I''m attempting to get into Rails 1.0. - Dennis -- "Thanks to the crew of rocketscientists.ca <http://rocketscientists.ca> for the gmail invitation!" http://www.rocketscientists.ca/ _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
> See http://dev.rubyonrails.com/ticket/1363 > > I''ve successfully used the method described in this ticket. Either > apply the patch or add the new begin_session method, found in the > patch file, to ActionController::Base (I do this in the > environment.rb). > > An improved patch is almost complete, which I''m attempting to get > into Rails 1.0. > > - DennisThanks for that info. For future reference to those using Windows Media Player (series 9 on mac os x, at least), here''s what I''ve discovered: I wanted to offer a very simple form of copy protection by only allowing logged-in users to download the ASX (xml) metafile that points to the real media server and video files. But I ran into a hitch. Once the browser loads the .asx file, Windows Media Player does NOT load the cached .asx file locally as I had assumed. It goes out to the internet to get its own copy. So the reason the streaming media failed to work in this case was that my Rails-created .asx metafile was being loaded once (with cookies) by the browser and once (without cookies, and hence, without a session) by Windows Media Player. The second load was failing because, obviously, without cookies I couldn''t authorize the user as a subscribed member of our service. Looks like we''ll be searching for a DRM solution next. Duane Johnson (canadaduane) _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails