Rails - Dec 2013 - Persisting Session Data When Cookies Are Disabled

is this possible? i''m serving a rails app into an iframe and
i''m testing in
chrome with "block third-party cookies" selected because it''s
not safe to
assume that third-party cookies won''t be blocked. iframes are treated
as
third parties so i need the app to function independently of cookies.
i''ve
done a boatload of googling an fiddling already, and it seems that even if 
you change ".config.session_store :cookie_store" to
active_record_store or
mem_cache_store (plus the additional configuration/gems those entail), the 
persistence of session data is STILL dependent on the availability of 
cookies, which is kind of a fake out with regards to the name of that 
config.

at this point i have resorted to running memcached putting this:

*  def write(k,v)*
    Rails.cache.write(request.remote_ip.gsub(''.'',
'''')+k,v)
*  end*

*  def read(k)*
    Rails.cache.read(request.remote_ip.gsub(''.'',
'''')+k)
*  end*

in my application_controller and using it as i would "session[:foo] =
bar"
or "session[:foo]". it works, but i don''t feel great about it
due to the
nature of IP addresses. is there a better way to accomplish this?

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/1a0361dc-d993-459c-a5b3-9e53fe072bc1%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Friday, December 6, 2013 3:36:28 AM UTC, Fred Guest
wrote:
>
> is this possible? i''m serving a rails app into an iframe and
i''m testing
> in chrome with "block third-party cookies" selected because
it''s not safe
> to assume that third-party cookies won''t be blocked. iframes are
treated as
> third parties so i need the app to function independently of cookies.
i''ve
> done a boatload of googling an fiddling already, and it seems that even if 
> you change ".config.session_store :cookie_store" to
active_record_store or
> mem_cache_store (plus the additional configuration/gems those entail), the 
> persistence of session data is STILL dependent on the availability of 
> cookies, which is kind of a fake out with regards to the name of that 
> config.
>
Yes - a cookie is used to record  which database row / memcache key to use. 
The name of the store implies where the actual session data is stored.
>
> at this point i have resorted to running memcached putting this:
>
> *  def write(k,v)*
>     Rails.cache.write(request.remote_ip.gsub(''.'',
'''')+k,v)
> *  end*
>
> *  def read(k)*
>     Rails.cache.read(request.remote_ip.gsub(''.'',
'''')+k)
> *  end*
>
> in my application_controller and using it as i would "session[:foo] =
bar"
> or "session[:foo]". it works, but i don''t feel great
about it due to the
> nature of IP addresses. is there a better way to accomplish this?
>
>  
Is it an option for you to pass a session id in the url? Unideal too, but 
perhaps less unideal than what you currently have. I think this used to be 
something rails supported, but I seem to remember it getting removed, so 
you might have to hack that back in.

Fred

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/93f96b61-1dd1-459c-be7f-b55dd4aaf534%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

thanks my friend, Freds gotta stick together. yes it seems Rails does not 
want session ids in urls at 
all http://guides.rubyonrails.org/action_controller_overview.html#session 
the other option is to pass around resource ids in urls, it just gets 
messy. this feels like something a framework should provide a default 
solution for but i guess not.


On Friday, December 6, 2013 6:34:31 AM UTC-5, Frederick Cheung
wrote:
>
>
>
> On Friday, December 6, 2013 3:36:28 AM UTC, Fred Guest wrote:
>>
>> is this possible? i''m serving a rails app into an iframe and
i''m testing
>> in chrome with "block third-party cookies" selected because
it''s not safe
>> to assume that third-party cookies won''t be blocked. iframes
are treated as
>> third parties so i need the app to function independently of cookies.
i''ve
>> done a boatload of googling an fiddling already, and it seems that even
if
>> you change ".config.session_store :cookie_store" to
active_record_store or
>> mem_cache_store (plus the additional configuration/gems those entail),
the
>> persistence of session data is STILL dependent on the availability of 
>> cookies, which is kind of a fake out with regards to the name of that 
>> config.
>>
>
> Yes - a cookie is used to record  which database row / memcache key to 
> use. The name of the store implies where the actual session data is stored.
>
>>
>> at this point i have resorted to running memcached putting this:
>>
>> *  def write(k,v)*
>>     Rails.cache.write(request.remote_ip.gsub(''.'',
'''')+k,v)
>> *  end*
>>
>> *  def read(k)*
>>     Rails.cache.read(request.remote_ip.gsub(''.'',
'''')+k)
>> *  end*
>>
>> in my application_controller and using it as i would
"session[:foo] =
>> bar" or "session[:foo]". it works, but i don''t
feel great about it due to
>> the nature of IP addresses. is there a better way to accomplish this?
>>
>>  
> Is it an option for you to pass a session id in the url? Unideal too, but 
> perhaps less unideal than what you currently have. I think this used to be 
> something rails supported, but I seem to remember it getting removed, so 
> you might have to hack that back in.
>
> Fred
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/1383e79b-6683-4cae-b7ba-bd246d11205b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.