I am planning an inhouse web application and a big number of users have their cookies disabled in their browsers. I have read that rails can handle session keys automatically only over cookies -- is this true? I have previously written web applications with perl where I passed the sessionid around as a GET or POST parameter in all web requests -- is there a built-in mechanism like this in Rails for handling the session data? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
straightflush-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2006-Sep-29 12:58 UTC
Re: Sessions without cookies??
i think you would have to find a way to always pass a query string to the url for each request (like ?sid=838bdaf). Maybe you can use routes.rb to do this somehow or another option is to maybe use a before_filter in application.rb ? On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > I am planning an inhouse web application and a big number of users have > their cookies disabled in their browsers. I have read that rails can > handle session keys automatically only over cookies -- is this true? > I have previously written web applications with perl where I passed the > sessionid around as a GET or POST parameter in all web requests -- is > there a built-in mechanism like this in Rails for handling the session > data? > > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
unknown wrote:> i think you would have to find a way to always pass a query string to > the > url for each request (like ?sid=838bdaf). Maybe you can use routes.rb > to do > this somehow or another option is to maybe use a before_filter in > application.rb ?I would expect a framework to automate this for me ... is there some plugin or example code that does this or is this planned for a release anytime soon? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
2006/9/29, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>:> > I would expect a framework to automate this for me ... is there some > plugin or example code that does this or is this planned for a release > anytime soon? > >This framework expects its users to have cookies enabled. Rails does, what most people do most of the time. It''s as simple as that. Kind regards Nicolai --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
You can override url_for and form_tag in application_helper.rb. Good discussion about this here: http://forums.somethingawful.com/showthread.php?s=&threadid=2053851 -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Nicolai Reuschling wrote:> 2006/9/29, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>: > >> >> I would expect a framework to automate this for me ... is there some >> plugin or example code that does this or is this planned for a release >> anytime soon? >> >> > This framework expects its users to have cookies enabled. Rails does, > what > most people do most of the time. It''s as simple as that. >If this framework makes such a sweeping expectation it is simply not usable for professional development. Many users disable cookies and it is their right to do so. Polite companies who respect their users will not force them to enable cookies just to use their site. It is as simple as that. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
> > > > I would expect a framework to automate this for me ... is there some > > plugin or example code that does this or is this planned for a release > > anytime soon? > > > > > > This framework expects its users to have cookies enabled. Rails does, what > most people do most of the time. It''s as simple as that.I can see both sides here, but I really don''t think it''s reasonable to expect this feature out of the box given that it is not an issue for most people. Without a way to make sessions work with the id passed in the query string, it will limit rails in some areas, although how many I don''t know. I do know that many ecommerce sites need to work without cookies, especially those that have mobile phone friendly pages. We have a fairly large ecommerce app written in perl being used by a lot of merchants, and the number of people who block cookies is small, but significant enough that we don''t require cookies. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Someone already mentioned a viable option of passing the session info into the url. On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > Nicolai Reuschling wrote: > > 2006/9/29, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>: > > > >> > >> I would expect a framework to automate this for me ... is there some > >> plugin or example code that does this or is this planned for a release > >> anytime soon? > >> > >> > > This framework expects its users to have cookies enabled. Rails does, > > what > > most people do most of the time. It''s as simple as that. > > > If this framework makes such a sweeping expectation it is simply not > usable for professional development. Many users disable cookies and it > is their right to do so. Polite companies who respect their users will > not force them to enable cookies just to use their site. > > It is as simple as that. > > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> If this framework makes such a sweeping expectation it is simply not > usable for professional development.And yet, many professional websites do in fact use it. -- I have made this letter longer than usual, because I lack the time to make it short. -- Blaise Pascal --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Michael Campbell wrote:> On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > >> If this framework makes such a sweeping expectation it is simply not >> usable for professional development. > > > And yet, many professional websites do in fact use it. >Yeah, many sites force their rules on their customers instead of accepting their preferences -- some even force them to use IE. Not everyone does want to follow such an impolite policy though. As has been pointed out, there are also other reasons why users might be forced not to use cookies. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > Michael Campbell wrote: > > On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > >> If this framework makes such a sweeping expectation it is simply not > >> usable for professional development. > > > > > > And yet, many professional websites do in fact use it. > > > Yeah, many sites force their rules on their customers instead of > accepting their preferences -- some even force them to use IE.Right. And that''s completely unrelated to your assertion that Rails is completely unusable for professional development. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Roman Hausner wrote:> > Michael Campbell wrote: > > On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > >> If this framework makes such a sweeping expectation it is simply not > >> usable for professional development. > > > > > > And yet, many professional websites do in fact use it. > > > Yeah, many sites force their rules on their customers instead of > accepting their preferences -- some even force them to use IE. > > Not everyone does want to follow such an impolite policy though. > As has been pointed out, there are also other reasons why users > might be forced not to use cookies. >Okay ok, enough with the bickering already... I have found this feature-lacking when I was learning rails (stilll learning). But I do recall at least one other framework lacking it too. Anyway, I have always developed with cookies turned off. This is because I don''t want my app to be dependent on it. So I rolled my own. Perhaps this is something I can give back to the community. I can release this code, but how should I go about doing it? What is the preferred way and where can I get the documentation? I have heard of ''patches'' and ''plugins'' but have not looked it up (busy developing :-). If someone would kindly point me in the right direction, it just might get done sooner. Cheers, Long --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
As was mentioned before, Rails always aims to make the majority of web applications simple to set up. If your application has demands that falls outside of this major percentage then its not as though you''re being forced out, you just have to make a few small alterations to configure it. There''s many embelishments to the rails core that add features that some applications need, that''s why there''s the plugin system, in fact when you solve this problem why not release a plugin that anyone else who wants the same feature can benfit from? Ross On 9/29/06, Michael Campbell <michael.campbell-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > > Michael Campbell wrote: > > > On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > > > >> If this framework makes such a sweeping expectation it is simply not > > >> usable for professional development. > > > > > > > > > And yet, many professional websites do in fact use it. > > > > > Yeah, many sites force their rules on their customers instead of > > accepting their preferences -- some even force them to use IE. > > Right. And that''s completely unrelated to your assertion that Rails > is completely unusable for professional development. > > > >-- Ross Riley www.sorrylies.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
There are three basic ways to have state in a web app In a cookie in the form Or put in the url Rails can handle all these You just have to choose one -----Original Message----- From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Roman Hausner Sent: Friday, September 29, 2006 3:02 PM To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Subject: [Rails] Re: Sessions without cookies?? Michael Campbell wrote:> On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > >> If this framework makes such a sweeping expectation it is simply not >> usable for professional development. > > > And yet, many professional websites do in fact use it. >Yeah, many sites force their rules on their customers instead of accepting their preferences -- some even force them to use IE. Not everyone does want to follow such an impolite policy though. As has been pointed out, there are also other reasons why users might be forced not to use cookies. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
http://wiki.rubyonrails.com/rails/pages/HowTosPlugins explains how to write plugins. Ross On 9/29/06, Ross Riley <riley.ross-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> As was mentioned before, Rails always aims to make the majority of web > applications simple to set up. > > If your application has demands that falls outside of this major > percentage then its not as though you''re being forced out, you just > have to make a few small alterations to configure it. > > There''s many embelishments to the rails core that add features that > some applications need, that''s why there''s the plugin system, in fact > when you solve this problem why not release a plugin that anyone else > who wants the same feature can benfit from? > > Ross > > > On 9/29/06, Michael Campbell <michael.campbell-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > > > > Michael Campbell wrote: > > > > On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > > > > > >> If this framework makes such a sweeping expectation it is simply not > > > >> usable for professional development. > > > > > > > > > > > > And yet, many professional websites do in fact use it. > > > > > > > Yeah, many sites force their rules on their customers instead of > > > accepting their preferences -- some even force them to use IE. > > > > Right. And that''s completely unrelated to your assertion that Rails > > is completely unusable for professional development. > > > > > > > > > > > -- > Ross Riley > www.sorrylies.com >-- Ross Riley www.sorrylies.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Clayton Cottingham wrote:> There are three basic ways to have state in a web app > > In a cookie > > in the form > > Or put in the url > > Rails can handle all these >How? Can you explain how to "choose" a way that is not using cookies in more detail? In a previous web application i wrote (not with rails) I forms when possible if there was no cookie support and get parameters in urls if everything else failed. Essentially, we need to pass around a special ID value in each and every request. Since this is something that happens at many places, I''d have expected the framework to do it under the hood instead of forcing the user to manually add e.g. a condition and parameter to each and every POST frame that is used. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
I would like to point out here that using cookies for session tracking is a very accepted practice these days. I would recommend that you try an experiment of turning off cookies and javascript and try using the web the way you are used to using it. Even .NET requires cookies and are you willing to make the claim that it is not used for professional applications? I am not aware of any local java shops in my area who bother with the built-in URL re-writing in j2ee anymore. They simply don''t want to bother. I would have agreed with you in 1997 when some of my clients felt this way. Others, upon hearing the extra cost of using URL rewiriting in java, said to just use cookies. Web developers have stopped putting important data into cookies long ago and the public now trusts them. Most of my students are not even aware that they were once controversial. I would like to propose that we stop worrying about cookies and focus on the more important worrisome issues like XSS, and SQL injection. -Eric On 9/29/06, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > Nicolai Reuschling wrote: > > 2006/9/29, Roman Hausner <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>: > > > >> > >> I would expect a framework to automate this for me ... is there some > >> plugin or example code that does this or is this planned for a release > >> anytime soon? > >> > >> > > This framework expects its users to have cookies enabled. Rails does, > > what > > most people do most of the time. It''s as simple as that. > > > If this framework makes such a sweeping expectation it is simply not > usable for professional development. Many users disable cookies and it > is their right to do so. Polite companies who respect their users will > not force them to enable cookies just to use their site. > > It is as simple as that. > > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
As to whether Rails "is simply not usable for professional development" - there''s a lot of evidence to refute that. 37Signals is making a boatload of money- you think they''re not "professional"? If so, I have to say, that''s the kind of non-professionalism I aspire to ;-) Having said that, I think support for session-id-in-url would be a great addition to Rails- as DHH might say, "please do write a plugin" ;-) Lastly, much of this talk about people having cookies disabled misses a fine distinction. The cookie that Rails uses for session id expires when you close your browser. While some people may have persistent cookies disabled, I would venture to guess that the number that have non-persistent (session) cookies disabled is considerably less. As Eric Knapp points out, above, much of the modern web would be practically unusable without session cookies. Ever used a shopping cart? Over at Lingr (http://www.lingr.com), we haven''t heard any feedback from users complaining about our requirement of session cookies. I doubt we ever will. I''m certainly not loosing any sleep over whatever users, if any, we turn away due to that requirement. - D -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
On 29 Sep 2006, at 23:58, Roman Hausner wrote:> Can you explain how to "choose" a way that is not > using cookies in more detail?Somebody already mentioned that you can pass it around on the URL and handle a bit of the heavy-lifting via routes.rb, but you''re going to need to make sure that every link you create passes it, so instead of <%= link_to ''Add to Cart'', :action => ''add'', :id => item.id %> You would instead have: <%= link_to ''Add to Cart'', :action => ''add'', :id => item.id, :my_session_id => params[:my_session_id] %> You could conceivably over-ride the link_to method. It''s only 10 lines, just create a new one in your application helper that always passes params[:my_session_id] or whatever, and then you wouldn''t have to re-write every link in your application.> In a previous web application i wrote (not with rails) > I forms when possible if there was no cookie support and > get parameters in urls if everything else failed.So cookies are bad, but encoding session data into the HTML of the page by way of a for is perfectly acceptable? What happens when they hit the back button? The session[] data Rails uses is fantastic. It has all sorts of goodness to it that looks after all sorts of problems relating to the asynchronous stateless nature of web application development. However, you should only use it if you really care about client state. If you don''t, don''t insist on it. If you do care about client state, I can''t see any reason why it is evil to say to the user ''you need to let me set a cookie from this site for you to be able to use the application properly''. Every other method of trying to replicate sessions has draw-backs far more severe than saying "you have an account with us, we have your credit card details, you clearly trust us, why can''t we put a few hundred bytes in your web browser cache?". If on the other hand you''re just trying to spy on your users, there are better ways of doing it.> I''d have expected the > framework to do it under the hood instead of forcing > the user to manually add e.g. a condition and parameter > to each and every POST frame that is used.Like I say, re-define link_to (or any other method you want) and do what you want to it. It''s not hard, just a really stupid idea for 98% of applications out there, and may cause problems in terms of maintenance down the line unless you''ve documented the fact you''ve done this... HTH, -- Paul Robinson http://vagueware.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---