My requirement is to make a controller method to be able to accept session id from cookie, if it is disabled/not available then from request body. This way I will return a session id from login request and use the same session_id for any subsequent request body, if it''s not a browser request. Will this work? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Session is like an hash to store data with an application request. It should work if you store a session while login like session[:user]="Myname_123" it will renmain in the application until or unless you make it nil session[:user]=nil it is versy simple in consept now session id it is identification of an particular session and browser you know I use session in android emulator now your turn On Sun, Dec 30, 2012 at 4:19 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> My requirement is to make a controller method to be able to accept > session id from cookie, if it is disabled/not available then from > request body. > > This way I will return a session id from login request and use the same > session_id for any subsequent request body, if it''s not a browser > request. > > Will this work? > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajarshi wrote in post #1090682:> Session is like an hash to store data with an application request. > > It should work if you store a session while login like > session[:user]="Myname_123" > it will renmain in the application until or unless you make it nil > session[:user]=nil > > it is versy simple in consept > > now session id it is identification of an particular session > > and browser you know I use session in android emulator > > now your turnThanks Rajarshi for your reply! But that''s not my question is - let me put in other way: If I am using sessionstore, the _session_id has to be passed through browser cookie. Now, If I disable cookie in the browser the entire system doesn''t work. So, what is the other alternative I can pass the session id through? if cookie is disabled. Tried passing as request parameter, but that doesn''t work. Any suggestion plese? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
you can use many option 1. memcache to store session in server 2.Activerecord to store session id in database so no need of your browser many others On Mon, Dec 31, 2012 at 12:09 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Rajarshi wrote in post #1090682: > > Session is like an hash to store data with an application request. > > > > It should work if you store a session while login like > > session[:user]="Myname_123" > > it will renmain in the application until or unless you make it nil > > session[:user]=nil > > > > it is versy simple in consept > > > > now session id it is identification of an particular session > > > > and browser you know I use session in android emulator > > > > now your turn > > Thanks Rajarshi for your reply! > But that''s not my question is - let me put in other way: > If I am using sessionstore, the _session_id has to be passed through > browser cookie. Now, If I disable cookie in the browser the entire > system doesn''t work. So, what is the other alternative I can pass the > session id through? if cookie is disabled. > Tried passing as request parameter, but that doesn''t work. Any > suggestion plese? > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajarshi wrote in post #1090684:> you can use many option > 1. memcache to store session in server > 2.Activerecord to store session id in database so no need of your > browser > > many othersI am using Activerecord only to store the session, but in some way client has to send that session ID to server to retrieve the logged-in session data, otherwise each time server will create a new session ID. Right? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Shiv Narayan Gautam
2012-Dec-31 07:17 UTC
Re: Re: Re: How do I send session id other than from cookie.
Try passing it in the URL. Read more about URL rewriting in case of disabled cookies. It has some disadvantages. http://www.javapractices.com/topic/TopicAction.do?Id=226 -- Shiv On Mon, Dec 31, 2012 at 12:43 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Rajarshi wrote in post #1090684: > > you can use many option > > 1. memcache to store session in server > > 2.Activerecord to store session id in database so no need of your > > browser > > > > many others > > I am using Activerecord only to store the session, but in some way > client has to send that session ID to server to retrieve the logged-in > session data, otherwise each time server will create a new session ID. > Right? > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Dheeraj Kumar
2012-Dec-31 07:18 UTC
Re: Re: Re: How do I send session id other than from cookie.
You cannot use sessions without cookies enabled. That said, you might remember what PHP does with the PHPSESSIONID parameter appended to all URLs rendered in the page. You might want to do something similar. -- Dheeraj Kumar On Monday 31 December 2012 at 12:43 PM, Rajesh KT wrote:> Rajarshi wrote in post #1090684: > > you can use many option > > 1. memcache to store session in server > > 2.Activerecord to store session id in database so no need of your > > browser > > > > many others > > I am using Activerecord only to store the session, but in some way > client has to send that session ID to server to retrieve the logged-in > session data, otherwise each time server will create a new session ID. > Right? > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2012-Dec-31 07:22 UTC
Re: Re: Re: How do I send session id other than from cookie.
Shiv Narayan Gautam wrote in post #1090687:> Try passing it in the URL. Read more about URL rewriting in case of > disabled cookies. > > It has some disadvantages. > http://www.javapractices.com/topic/TopicAction.do?Id=226 > > -- > ShivCan this be done in Ruby on Rails? I am aware that it works for JSP and PHP. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Dheeraj Kumar
2012-Dec-31 07:29 UTC
Re: Re: Re: Re: How do I send session id other than from cookie.
It''s not secure, session spoofing is a serious issue. I would encourage not going that route. It can be done in rails, needs a bit of work but sure. Ideally, you''ll alias_method_chain url_for and read the session in a parent controller, like ApplicationController and initialize your current user and any other session information from that. -- Dheeraj Kumar On Monday 31 December 2012 at 12:52 PM, Rajesh KT wrote:> Shiv Narayan Gautam wrote in post #1090687: > > Try passing it in the URL. Read more about URL rewriting in case of > > disabled cookies. > > > > It has some disadvantages. > > http://www.javapractices.com/topic/TopicAction.do?Id=226 > > > > -- > > Shiv > > > > > Can this be done in Ruby on Rails? I am aware that it works for JSP and > PHP. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2012-Dec-31 07:45 UTC
Re: Re: Re: Re: How do I send session id other than from cookie.
Dheeraj Kumar wrote in post #1090690:> It''s not secure, session spoofing is a serious issue. I would encourage > not going that route. > > It can be done in rails, needs a bit of work but sure. Ideally, you''ll > alias_method_chain url_for and read the session in a parent controller, > like ApplicationController and initialize your current user and any > other session information from that. > > -- > Dheeraj KumarPlease suggest which route to follow, in order to make application work even though cookies are disabled in the browser. Thanks in advance for any help in this line. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajarshi
2012-Dec-31 08:14 UTC
Re: Re: Re: Re: Re: How do I send session id other than from cookie.
you can send encrypted session id for that your url should be like /users?session_id=''dasdadasdas2313124213213_session_application" with encrypted session id now after getting request you have to decrypt the session use base64 for it On Mon, Dec 31, 2012 at 1:15 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Dheeraj Kumar wrote in post #1090690: > > It''s not secure, session spoofing is a serious issue. I would encourage > > not going that route. > > > > It can be done in rails, needs a bit of work but sure. Ideally, you''ll > > alias_method_chain url_for and read the session in a parent controller, > > like ApplicationController and initialize your current user and any > > other session information from that. > > > > -- > > Dheeraj Kumar > > Please suggest which route to follow, in order to make application work > even though cookies are disabled in the browser. > > Thanks in advance for any help in this line. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Dheeraj Kumar
2012-Dec-31 08:19 UTC
Re: Re: Re: Re: Re: How do I send session id other than from cookie.
I just said what you need. chain the url_for method to add session id to the parameters, and read the session id in your application controller, look it up in your session store, active record or memcache, then load whatever information you want from the database. -- Dheeraj Kumar On Monday 31 December 2012 at 1:44 PM, Rajarshi wrote:> you can send encrypted session id for that > > your url should be like /users?session_id=''dasdadasdas2313124213213_session_application" with encrypted session id > > now after getting request you have to decrypt the session > use base64 for it > > On Mon, Dec 31, 2012 at 1:15 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org (mailto:lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org)> wrote: > > Dheeraj Kumar wrote in post #1090690: > > > It''s not secure, session spoofing is a serious issue. I would encourage > > > not going that route. > > > > > > It can be done in rails, needs a bit of work but sure. Ideally, you''ll > > > alias_method_chain url_for and read the session in a parent controller, > > > like ApplicationController and initialize your current user and any > > > other session information from that. > > > > > > -- > > > Dheeraj Kumar > > > > Please suggest which route to follow, in order to make application work > > even though cookies are disabled in the browser. > > > > Thanks in advance for any help in this line. > > > > -- > > Posted via http://www.ruby-forum.com/. > > > > -- > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh4Ykp1iOSErHA@public.gmane.orgm). > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com (mailto:rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2012-Dec-31 08:40 UTC
Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Dheeraj Kumar wrote in post #1090693:> I just said what you need. chain the url_for method to add session id to > the parameters, and read the session id in your application controller, > look it up in your session store, active record or memcache, then load > whatever information you want from the database. > > -- > Dheeraj KumarThanks Dheeraj. Truly appreciate if you can point me to some code examples for this. Thanks -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajarshi
2012-Dec-31 10:19 UTC
Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
url_for(:controller => "name of the controller", :action => "name pf the aciont", :session => params[:value]) or users_url(:session => params[:value]) it will create a dybnamic url like /users?session="sdsadsadasdas213213213" and in params[:value] you have to encrypt the session id what you get from database or encode64(params[:value]) now while it i s hitting it will send the request in that reuqest you have to parse it by decode64() and match the session id On Mon, Dec 31, 2012 at 2:10 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:> Dheeraj Kumar wrote in post #1090693: > > I just said what you need. chain the url_for method to add session id to > > the parameters, and read the session id in your application controller, > > look it up in your session store, active record or memcache, then load > > whatever information you want from the database. > > > > -- > > Dheeraj Kumar > > Thanks Dheeraj. Truly appreciate if you can point me to some code > examples for this. > > Thanks > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Dheeraj Kumar
2012-Dec-31 10:26 UTC
Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Instead of adding a session parameter to every url_for call, alias method chain it. any url helper calls url_for anyway, so you''re good. Make sure the encryption is good with the session id, and don''t use weak ones like base64, they make session spoofing so much easier. -- Dheeraj Kumar On Monday 31 December 2012 at 3:49 PM, Rajarshi wrote:> url_for(:controller => "name of the controller", :action => "name pf the aciont", :session => params[:value]) > > or > > users_url(:session => params[:value]) > it will create a dybnamic url like /users?session="sdsadsadasdas213213213" > > and in params[:value] you have to encrypt the session id what you get from database > or encode64(params[:value]) > > now while it i s hitting it will send the request in that reuqest you have to parse it by decode64() and match the session id > > > On Mon, Dec 31, 2012 at 2:10 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org (mailto:lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org)> wrote: > > Dheeraj Kumar wrote in post #1090693: > > > I just said what you need. chain the url_for method to add session id to > > > the parameters, and read the session id in your application controller, > > > look it up in your session store, active record or memcache, then load > > > whatever information you want from the database. > > > > > > -- > > > Dheeraj Kumar > > > > Thanks Dheeraj. Truly appreciate if you can point me to some code > > examples for this. > > > > Thanks > > > > -- > > Posted via http://www.ruby-forum.com/. > > > > -- > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajarshi
2012-Dec-31 10:41 UTC
Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
yes I know On Mon, Dec 31, 2012 at 3:56 PM, Dheeraj Kumar <a.dheeraj.kumar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>wrote:> Instead of adding a session parameter to every url_for call, alias method > chain it. any url helper calls url_for anyway, so you''re good. > > Make sure the encryption is good with the session id, and don''t use weak > ones like base64, they make session spoofing so much easier. > > -- > Dheeraj Kumar > > On Monday 31 December 2012 at 3:49 PM, Rajarshi wrote: > > url_for(:controller => "name of the controller", :action => "name pf the > aciont", :session => params[:value]) > > or > > users_url(:session => params[:value]) > it will create a dybnamic url like /users?session="sdsadsadasdas213213213" > > and in params[:value] you have to encrypt the session id what you get from > database > or encode64(params[:value]) > > now while it i s hitting it will send the request in that reuqest you have > to parse it by decode64() and match the session id > > > On Mon, Dec 31, 2012 at 2:10 PM, Rajesh KT <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote: > > Dheeraj Kumar wrote in post #1090693: > > I just said what you need. chain the url_for method to add session id to > > the parameters, and read the session id in your application controller, > > look it up in your session store, active record or memcache, then load > > whatever information you want from the database. > > > > -- > > Dheeraj Kumar > > Thanks Dheeraj. Truly appreciate if you can point me to some code > examples for this. > > Thanks > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2013-Jan-01 19:00 UTC
Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Dheeraj Kumar wrote in post #1090702:> Instead of adding a session parameter to every url_for call, alias > method chain it. any url helper calls url_for anyway, so you''re good. > > Make sure the encryption is good with the session id, and don''t use weak > ones like base64, they make session spoofing so much easier. > > -- > Dheeraj KumarAre you referring this way: http://brantinteractive.com/2008/05/13/cookieless-sessions-in-rails/ When I try below code in my application controller, it gives an error saying - undefined method `session_id'' for #<ActionDispatch::Session::AbstractStore::SessionHash:0x13423c80> def default_url_options(options) # set a cookie if it''s nil cookies[:_session_id] ||= { :value => ''true'', :expires => 10.seconds.from_now } { :_session_id => (request.xhr? ? params[:_session_id] : session.session_id) } unless cookies[:_session_id] end Am I missing something here? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2013-Jan-01 19:01 UTC
Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Btw, I am using rails 3.0.5. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Dheeraj Kumar
2013-Jan-01 19:03 UTC
Re: Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
replace session.session_id it with session[:session_id] I don''t think it''s a hash with indifferent access. -- Dheeraj Kumar On Wednesday 2 January 2013 at 12:31 AM, Rajesh KT wrote:> Btw, I am using rails 3.0.5. > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2013-Jan-01 19:18 UTC
Re: Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Dheeraj Kumar wrote in post #1090761:> replace session.session_id it with session[:session_id] > > I don''t think it''s a hash with indifferent access. > > -- > Dheeraj KumarNo, it doesn''t work, it creates a new session id even if I pass a logged in session ID though URL. Console log says; ::: Checking session expiry ::: Initializing session expiry. Expires at 2013-01-02 01:30:41 +0530 Redirected to http://localhost:3000/ -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Dheeraj Kumar
2013-Jan-01 19:23 UTC
Re: Re: Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
I haven''t read through the article you posted, but from a glance, it doesn''t look like what I was talking about. -- Dheeraj Kumar On Wednesday 2 January 2013 at 12:48 AM, Rajesh KT wrote:> Dheeraj Kumar wrote in post #1090761: > > replace session.session_id it with session[:session_id] > > > > I don''t think it''s a hash with indifferent access. > > > > -- > > Dheeraj Kumar > > > > > No, it doesn''t work, it creates a new session id even if I pass a logged > in session ID though URL. > Console log says; > ::: Checking session expiry > ::: Initializing session expiry. Expires at 2013-01-02 01:30:41 +0530 > Redirected to http://localhost:3000/ > > -- > Posted via http://www.ruby-forum.com/. > > -- > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org (mailto:rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org). > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2013-Jan-01 19:38 UTC
Re: Re: Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Dheeraj Kumar wrote in post #1090763:> I haven''t read through the article you posted, but from a glance, it > doesn''t look like what I was talking about. > > -- > Dheeraj KumarHonestly speaking, Didn''t quite understand the approach that you are talking. Could you please explain by putting some working code? So far, googled around nothing worked for me :(. Thanks a ton. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Rajesh KT
2013-Jan-01 19:45 UTC
Re: Re: Re: Re: Re: Re: Re: Re: How do I send session id other than from cookie.
Rajesh KT wrote in post #1090764:> Dheeraj Kumar wrote in post #1090763: >> I haven''t read through the article you posted, but from a glance, it >> doesn''t look like what I was talking about. >> >> -- >> Dheeraj Kumar > > Honestly speaking, Didn''t quite understand the approach that you are > talking. > Could you please explain by putting some working code? So far, googled > around nothing worked for me :(. Thanks a ton.I would have to initialize the session with the ID, each time I access any URL containing a session ID, or else checking of session expiry will will redirect to the root URL. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.