Hello!

I have been trying to read up on this REST stuff that everyone is talking about. :-) It all seems very nice, but I can't seem to handle user sessions and still have pretty URLs. Perhaps someone here has a solution.

As far as I can see, Rails sessions break REST, since the session cookie refers to state located on the server. Another way to handle sessions would be to make them a resource and then refer to a session in the URL. Something like:

http://host/controller/action?session=xyz

This is in my opinion not as nice as the same URL with no session id suffix. My main gripe with session ids in the URL is that the URL isn't bookmarkable in the same way as a URL without a session id. It might also be confusing for the end user if he wants to share a URL with a friend. Come to think of it, it might also be a security hole if a user decides to share a URL with a friend.

What is this group's take on REST and sessions? I have just recently started to read about REST, so I might have missed something important. In that case maybe someone here can point me in the right direction.

Regards,
Mattias

As far as I know (and admittedly I don't know THAT much), cookie information is sent in the header of a browser request alongside POST, GET etc., so I don't see a reason REST should break sessions? I have to say I haven't really worked with REST though.

Got any links to read up on this? Never heard about this issue ...

On Nov 24, 2:52 pm, "Thorsten L" <duple...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:
> As far as I know (and admittedly I don't know THAT much), cookie
> information is sent in the header of a browser request alongside
> POST, GET etc., so I don't see a reason REST should break sessions?
> I have to say I haven't really worked with REST though.
>
> Got any links to read up on this? Never heard about this issue ...

I found this link:

http://groups.yahoo.com/group/rest-discuss/message/3583

in the REST FAQ:

http://rest.blueoxen.net/cgi-bin/wiki.pl?RestFaq

:.:: mattias

Rick's restful_authentication plugin makes users and sessions into resources.

login => session/create
logout => session/destroy
signup => user/new

http://www.agilewebdevelopment.com/plugins/restful_authentication

A.

-- Posted via http://www.ruby-forum.com/.

Alan Francis wrote:
> Rick's restful_authentication plugin makes users and sessions into
> resources.
>
> login => session/create
> logout => session/destroy
> signup => user/new
>
> http://www.agilewebdevelopment.com/plugins/restful_authentication

Can anyone tell me what a URL would look like using this plugin? How is the session resource specified when using a controller other than the session controller?

:.:: brasse

Mattias Brändström wrote:
> Alan Francis wrote:
>> Rick's restful_authentication plugin makes users and sessions into
>> resources.
>>
>> login => session/create
>> logout => session/destroy
>> signup => user/new
>>
>> http://www.agilewebdevelopment.com/plugins/restful_authentication
>
> Can anyone tell me what a URL would look like using this plugin? How is
> the session resource specified when using a controller other than the
> session controller?

Just like above...

http://myapp.com/session/create
http://myapp.com/session/destroy
http://myapp.com/user/new

But again, like above, they're conveniently mapped to /login, /logout and /signup.

Oh hold on, you mean how is the current session tracked? Just like normal session tracking, via a cookie.

Inside your controller, you have access to methods like logged_in? to tell if you're logged in yet, a handy before_filter to redirect for login, and even optional 'remember me' functionality which can auto login from a previous cookie. You can access 'current_user' to get the current user out of the session when required.

It's a REALLY sweet plugin.

A.

-- Posted via http://www.ruby-forum.com/.
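
Added example (not part of the thread, and not the restful_authentication plugin's code): a minimal Ruby model of the arrangement discussed above, where the session is a resource that is created and destroyed, but the current session is identified only by a cookie, so a URL shared with a friend carries no credentials. The class `SessionResource`, its method signatures and the cookie name `session_id` are assumptions made for illustration.

```ruby
require "securerandom"

# Hypothetical names throughout; this only models the idea from the thread.
class SessionResource
  def initialize
    @sessions = {} # token => user name (state kept on the server)
  end

  # "login": create the session resource, return a Set-Cookie header value.
  def create(user)
    token = SecureRandom.hex(32)
    @sessions[token] = user
    "session_id=#{token}; Path=/; HttpOnly; Secure; SameSite=Lax"
  end

  # "logout": destroy the session resource so the token stops working.
  def destroy(cookie_header)
    !@sessions.delete(token_from(cookie_header)).nil?
  end

  # The user is resolved from the Cookie header only. Anything in the URL,
  # including a ?session=... parameter, is never treated as a credential.
  def current_user(_url, cookie_header)
    @sessions[token_from(cookie_header)]
  end

  def logged_in?(url, cookie_header)
    !current_user(url, cookie_header).nil?
  end

  private

  def token_from(cookie_header)
    pair = cookie_header.to_s.split(/;\s*/).find { |c| c.start_with?("session_id=") }
    pair && pair.split("=", 2).last
  end
end

# Constructed walk-through: owner request, friend opening a shared URL, logout.
def demo
  app = SessionResource.new
  cookie = app.create("mattias").split(";").first # what the browser sends back
  url = "http://host/controller/action"
  shared = "#{url}?session=#{cookie.split('=', 2).last}" # id pasted into a URL
  owner = app.current_user(url, cookie)
  friend = app.current_user(shared, nil) # friend's browser has no cookie
  app.destroy(cookie)
  { owner: owner, friend: friend, after_logout: app.logged_in?(url, cookie) }
end
```
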