is this possible? i''m serving a rails app into an iframe and i''m testing in chrome with "block third-party cookies" selected because it''s not safe to assume that third-party cookies won''t be blocked. iframes are treated as third parties so i need the app to function independently of cookies. i''ve done a boatload of googling an fiddling already, and it seems that even if you change ".config.session_store :cookie_store" to active_record_store or mem_cache_store (plus the additional configuration/gems those entail), the persistence of session data is STILL dependent on the availability of cookies, which is kind of a fake out with regards to the name of that config. at this point i have resorted to running memcached putting this: * def write(k,v)* Rails.cache.write(request.remote_ip.gsub(''.'', '''')+k,v) * end* * def read(k)* Rails.cache.read(request.remote_ip.gsub(''.'', '''')+k) * end* in my application_controller and using it as i would "session[:foo] = bar" or "session[:foo]". it works, but i don''t feel great about it due to the nature of IP addresses. is there a better way to accomplish this? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/1a0361dc-d993-459c-a5b3-9e53fe072bc1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Frederick Cheung
2013-Dec-06 11:34 UTC
Re: Persisting Session Data When Cookies Are Disabled
On Friday, December 6, 2013 3:36:28 AM UTC, Fred Guest wrote:> > is this possible? i''m serving a rails app into an iframe and i''m testing > in chrome with "block third-party cookies" selected because it''s not safe > to assume that third-party cookies won''t be blocked. iframes are treated as > third parties so i need the app to function independently of cookies. i''ve > done a boatload of googling an fiddling already, and it seems that even if > you change ".config.session_store :cookie_store" to active_record_store or > mem_cache_store (plus the additional configuration/gems those entail), the > persistence of session data is STILL dependent on the availability of > cookies, which is kind of a fake out with regards to the name of that > config. >Yes - a cookie is used to record which database row / memcache key to use. The name of the store implies where the actual session data is stored.> > at this point i have resorted to running memcached putting this: > > * def write(k,v)* > Rails.cache.write(request.remote_ip.gsub(''.'', '''')+k,v) > * end* > > * def read(k)* > Rails.cache.read(request.remote_ip.gsub(''.'', '''')+k) > * end* > > in my application_controller and using it as i would "session[:foo] = bar" > or "session[:foo]". it works, but i don''t feel great about it due to the > nature of IP addresses. is there a better way to accomplish this? > >Is it an option for you to pass a session id in the url? Unideal too, but perhaps less unideal than what you currently have. I think this used to be something rails supported, but I seem to remember it getting removed, so you might have to hack that back in. Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/93f96b61-1dd1-459c-be7f-b55dd4aaf534%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
thanks my friend, Freds gotta stick together. yes it seems Rails does not want session ids in urls at all http://guides.rubyonrails.org/action_controller_overview.html#session the other option is to pass around resource ids in urls, it just gets messy. this feels like something a framework should provide a default solution for but i guess not. On Friday, December 6, 2013 6:34:31 AM UTC-5, Frederick Cheung wrote:> > > > On Friday, December 6, 2013 3:36:28 AM UTC, Fred Guest wrote: >> >> is this possible? i''m serving a rails app into an iframe and i''m testing >> in chrome with "block third-party cookies" selected because it''s not safe >> to assume that third-party cookies won''t be blocked. iframes are treated as >> third parties so i need the app to function independently of cookies. i''ve >> done a boatload of googling an fiddling already, and it seems that even if >> you change ".config.session_store :cookie_store" to active_record_store or >> mem_cache_store (plus the additional configuration/gems those entail), the >> persistence of session data is STILL dependent on the availability of >> cookies, which is kind of a fake out with regards to the name of that >> config. >> > > Yes - a cookie is used to record which database row / memcache key to > use. The name of the store implies where the actual session data is stored. > >> >> at this point i have resorted to running memcached putting this: >> >> * def write(k,v)* >> Rails.cache.write(request.remote_ip.gsub(''.'', '''')+k,v) >> * end* >> >> * def read(k)* >> Rails.cache.read(request.remote_ip.gsub(''.'', '''')+k) >> * end* >> >> in my application_controller and using it as i would "session[:foo] = >> bar" or "session[:foo]". it works, but i don''t feel great about it due to >> the nature of IP addresses. is there a better way to accomplish this? >> >> > Is it an option for you to pass a session id in the url? Unideal too, but > perhaps less unideal than what you currently have. I think this used to be > something rails supported, but I seem to remember it getting removed, so > you might have to hack that back in. > > Fred >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/1383e79b-6683-4cae-b7ba-bd246d11205b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.