Edge has a change in default behaviour where sessions are stored as
cookies instead of in the file system. This was a pleasant surprise when
I synced up, fired up my app, and nothing worked. Ah, life on the edge.
I''m sure I''m just missing something, but I can''t get
sessions to survive
the first redirect. I added the following code to environment.rb, based
on Ryan''s (http://www.ryandaigle.com/) note:
config.action_controller.session = {
:session_key => ''_<%= app_name %>_session'',
:secret => ''<%= CGI::Session.generate_unique_id(app_name)
%>''
}
The problem is probably related to the fact that the embedded ruby is
not getting processed. The generated cookie is
NAME: _<%
VALUE app_name %>_session...
What am I missing? (I''m in dev mode, btw).
TIA,
Keith
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On 3/1/07, Keith Lancaster <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > Edge has a change in default behaviour where sessions are stored as > cookies instead of in the file system. This was a pleasant surprise when > I synced up, fired up my app, and nothing worked. Ah, life on the edge. > > I''m sure I''m just missing something, but I can''t get sessions to survive > the first redirect. I added the following code to environment.rb, based > on Ryan''s (http://www.ryandaigle.com/) note: > > config.action_controller.session = { > :session_key => ''_<%= app_name %>_session'', > :secret => ''<%= CGI::Session.generate_unique_id(app_name) %>'' > } > > The problem is probably related to the fact that the embedded ruby is > not getting processed. The generated cookie is > > NAME: _<% > VALUE app_name %>_session... > > What am I missing? (I''m in dev mode, btw).<% %> is used for erb. However, since config files use ruby, you''ll have to use #{} for variables. The reason Ryan''s sample has that is because he''s taking code from the rails app generator. Once generated with a command like ''rails foo'', your app will have this: config.action_controller.session = { :session_key => ''foo_session'', :secret => ''someuniquehash'' } -- Rick Olson http://weblog.techno-weenie.net http://mephistoblog.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Heh. I put this in my new project too. I thought it looked strange having
erb in the environment.rb file but when I used "#{}" [note the double
quotes] I ran into a heap of trouble. So, if I now understand correctly, we
should just having something like
config.action_controller.session = {
:session_key => ''_#{app_name}_session'',
:secret =>
''CGI::Session.generate_unique_id(#{app_name})''
}
with single quotes? I''m presuming this will get evaluated somewhere
else?
I''m a bit fuzzy on this and would totally appreciate any clarification.
RSL
On 3/1/07, Rick Olson
<technoweenie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:>
>
> On 3/1/07, Keith Lancaster
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> >
> > Edge has a change in default behaviour where sessions are stored as
> > cookies instead of in the file system. This was a pleasant surprise
when
> > I synced up, fired up my app, and nothing worked. Ah, life on the
edge.
> >
> > I''m sure I''m just missing something, but I
can''t get sessions to survive
> > the first redirect. I added the following code to environment.rb,
based
> > on Ryan''s (http://www.ryandaigle.com/) note:
> >
> > config.action_controller.session = {
> > :session_key => ''_<%= app_name
%>_session'',
> > :secret => ''<%=
CGI::Session.generate_unique_id(app_name) %>''
> > }
> >
> > The problem is probably related to the fact that the embedded ruby is
> > not getting processed. The generated cookie is
> >
> > NAME: _<%
> > VALUE app_name %>_session...
> >
> > What am I missing? (I''m in dev mode, btw).
>
> <% %> is used for erb. However, since config files use ruby,
you''ll
> have to use #{} for variables.
>
> The reason Ryan''s sample has that is because he''s taking
code from the
> rails app generator. Once generated with a command like ''rails
foo'',
> your app will have this:
>
> config.action_controller.session = {
> :session_key => ''foo_session'',
> :secret => ''someuniquehash''
> }
>
> --
> Rick Olson
> http://weblog.techno-weenie.net
> http://mephistoblog.com
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On 3/1/07, Russell Norris <sconds-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Heh. I put this in my new project too. I thought it looked strange having > erb in the environment.rb file but when I used "#{}" [note the double > quotes] I ran into a heap of trouble. So, if I now understand correctly, we > should just having something like > > config.action_controller.session = { > :session_key => ''_#{app_name}_session'', > :secret => ''CGI::Session.generate_unique_id(#{app_name})'' > } > > with single quotes? I''m presuming this will get evaluated somewhere else? > I''m a bit fuzzy on this and would totally appreciate any clarification. > > RSLOnly if you have an app name variable in scope. Again, that is for the *generator* only. For your rails app you can do something like this: config.action_controller.session = { :session_key => ''_foo_session'', :secret => ''whatever'' } If you''re cryptographically challenged, you can use script/console to generate something for you:>> CGI::Session.generate_unique_id(''something'')Naturally, any string will do. -- Rick Olson http://weblog.techno-weenie.net http://mephistoblog.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Rick Olson wrote:> <% %> is used for erb. However, since config files use ruby, you''ll > have to use #{} for variables. > > The reason Ryan''s sample has that is because he''s taking code from the > rails app generator. Once generated with a command like ''rails foo'', > your app will have this: > > config.action_controller.session = { > :session_key => ''foo_session'', > :secret => ''someuniquehash'' > } >That makes sense. Not knowing exactly how the entry was processed, I was unsure if somehow this was being processed by erb. I''ll post something back to Ryan to make sure this is clear. Thanks -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Apparently Analagous Threads
- How do you create one session cookie for multiple subdomains
- Some additional attacks on Cookie Session
- Turning off InvalidAuthenticityToken for a RESTful Service
- form_tag and form_for cause #protect_from_forgery errors
- how to check the config.action_controller.session options ?