search for: cookie_sess

.... Cookie Sessions as default === What do you think about using Cookie Sessions instead of database-based by default (in camping/sessions.rb)? It''s much lighter and makes it simpler to create apps without database. It also helps making Camping ORM-agnostic. I''ve fixed this in the cookie_session-branch (requires Rack) available at http://github.com/judofyr/camping/commits/cookie_session (highly based on Jenna''s work) === 4. Renaming camping-unabridged.rb to camping.rb? === I haven''t touched camping.rb at all, do we really need to prove that it''s a micro-fram...

Aside from the replay attacks discussed, there are some other attack vectors on the cookie_session store. I appreciate (and admire!) Jeremy''s good humor on all of this: > Planting the seed here led to quick ripening and plenty of pesticide. > Thanks for the fish, all. > > jeremy Anyway, here''s what we came up with: 1. Brute Force SHA512 can be computed _very_...