Displaying 20 results from an estimated 20 matches for "cookiestor".
2008 Jan 20
3
CookieStore and Session data via POST vars (no cookies)
This might be a solved issue, so I thought I'd ask. I'm trying to use
SWFUpload with the cookiestore. I'm passing in the session_id
variable through a POST parameter in the upload. I've verified that
Flash is sending the POST params (Flash 9).
I thought simply by setting cookie_only to false for that method, I
would be able to get that to work. Turned out I had to do a...
2009 Oct 17
3
Security problems with CookieStore and CSRF protection
...ications. These tools work by taking formally specified
properties of interest, and then analyzing code to verify that those
properties indeed hold. Using these tools, we found some security
vulnerabilities in Rails, and we would like to get a sense of how
important these are in practice.
1. Using CookieStore opens the door to "replay attacks", whose
importance is, we feel, underestimated. A dishonest user can replay an
old session to fool the server, of course; but more critically, it may
be possible for an attacker to steal a cookie from an honest user
after the latter is authenticated, and...
2007 Nov 26
0
Patch: more secure secret key generation for CookieStore
I've created a patch for generating a more secure default secret key
for CookieStore: http://dev.rubyonrails.org/ticket/10286
I'm looking for +1s, please review/comment on my patch.
2009 Sep 25
0
Authentication with Cookies instead of CookieStore Sessions
I would like to persist the user authentication between user sessions
(basically a "remind me" by default).
Sessions expire while cookies persist: why should I use a session for
authentication and then another different cookie for the "remind me"?
Can't I simply store a cookie with a token and use it for both
authentication and persistence?
2008 Jul 09
3
CookieOverflow - 4k Session?
Hello all,
I get the following error when I stuff my session with more than 4k of
data.
CGI::Session::CookieStore::CookieOverflow
My problem is that I obviously need a fatter session.
How do other users by-pass the 4k restriction on session variables?
Regards,
John
2007 Nov 20
29
Don't make cookie-stored sessions a default
Hi!
Before Rails 2.0 is coming, I suggest not to make CookieStore the
default session storage. It stores clear-text values on the client-side
and the integrity check hash can be brute-force attacked.
I understand that this has been set due to speed advantages, but I
believe it's better to make better security a default.
I've written a blog po...
2010 Nov 25
4
Devise sessions and load-balanced/multiple servers
...register a new user. Everything goes fine, I get the confirmation
email, I click the link, it hits the confirmation page and then goes
directly to the sign in page, instead of proceeding to the
user_root_path. The account IS marked as confirmed in the database
though. I thought perhaps the default CookieStore for sessions was
causing problems, so I tried the ActiveRecord store, with the same
results.
When I try the exact same app/code on my local machine, or on the
cluster with only one of the servers active, it works perfectly.
Anyone have any ideas on this, or where to start looking for the
problem...
2009 May 20
1
Problem on rack_setup
...ive_record_store for cookies. The problem happens
because of this commit:
http://github.com/mmangino/facebooker/commit/308770447db06433e505aaf27db2614cee213cc2
That code is trying to add the Rack::Facebook to the dispatch chain
after ActionController::RewindableInput or
ActionController::Session::CookieStore if the first one is not found.
The problem in my case is that I'm not using cookies, so this should
fall back to ActiveRecord::SessionStore.
I could provide a patch, but wanted to be sure if what I'm saying is correct.
Thanks!
Carlos K.
--
http://www.ckozus.com
http://www.in...
2008 Feb 09
1
how to check the config.action_controller.session options ?
...sole ..
:session_key=>"_session_id" !!!
why ?
>> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
=> {:session_key=>"_session_id", :cookie_only=>true, :session_path=>"/",
:prefix=>"ruby_sess.", :database_manager=>CGI::Session::CookieStore,
:tmpdir=>"/Users/myself/tmp/sessions/"}
How can I get back the :session_key and :secret in my controllers?
2009 Apr 20
1
Upgrading rails to 2.3.2 - CookieOverflow issue
Folks,
I am trying to upgrade system from rails 1.3.x to 2.3.2 and getting
this error -
Status: 500 Internal Server Error
ActionController::Session::CookieStore::CookieOverflow
/usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/session/cookie_store.rb:102:in `call'
/usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/reloader.rb:9:in `call'
/usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/actio...
2008 Apr 02
1
facebooker plugin!?
I'm trying to create a facebook application but I have no success. I
either get one of those two errors depending on which revision of the
plugin I use:
CGI::Session::CookieStore::TamperedWithCookie (Using plugin from directory)
or
ActionView::TemplateError (Session key invalid or no longer valid)
(Using plugin from a week ago or so).
Has anyone successfully gotten an app that has to be added
(ensure_application_is_installed_by_facebook_user) and uses FBML (not
iframe) ?...
2010 Feb 09
4
Rails3 pre and protect_from_forgery
I've almost entirely converted a rails 2.3.5 app to 3pre. I'm having
some trouble with protect_from_forgery. I had protect_from_forgery set
in application_controller.rb, but run some uploadify ajax stuff in one
of my controllers, where I had protect_from_forgery, :except
=> :add_file set.
In rails 3 I'm getting ActionController::InvalidAuthenticityToken on
the ajax
2010 Dec 15
2
Error reverse engineering MySQL with RMRE
...iveSupport::Cache::Strategy::LocalCache
Rack::Runtime
Rails::Rack::Logger
ActionDispatch::ShowExceptions
ActionDispatch::RemoteIp
Rack::Sendfile
ActionDispatch::Callbacks
ActiveRecord::ConnectionAdapters::ConnectionManagement
ActiveRecord::QueryCache
ActionDispatch::Cookies
ActionDispatch::Session::CookieStore
ActionDispatch::Flash
ActionDispatch::ParamsParser
Rack::MethodOverride
ActionDispatch::Head
ActionDispatch::BestStandardsSupport
Application root /root/test/app
Environment development
Database adapter mysql2
Database schema version 0
======
% rmre -a mysql -d test -u root
/usr/local/rvm/gems/ru...
2007 Mar 30
0
Storing an order object in a cookie based session
...he order object is constructed, and stored in
the session (if it passes validation). The is sent to another page
where they can confirm all their info and press the "finalize order"
button.
The problem is that the order object is too large to fit in the session,
and I get a CGI::Session::CookieStore::CookieOverflow exception. The
addresses and other customer data overflow the 4k limit.
So, without switching session stores, what's the best way to fix this? I
don't really want to store the order object in the session, but it
seemed like the easiest option.
I thought about only stori...
2008 Jan 21
1
shared sessions and rails2
Hi all
How would you go about sharing a session between two rails2 applications? I
am using restful_authentication.
A point in the direction of some relevant blogs would also be a great help.
Regards
Ivor
2009 Mar 20
0
Session data and 304 Not Modified HTTP code
I am storing an id in the session data. An action causes the id to
change, however, the rendered action has not changed. The server
returns a 304 Not Modified code and doesn't return the cookie. With
Rails 2.2.2, I believe it is using the CookieStore for sessions, so I
expect the cookie to update.
When I hit the site again, the old session data is used. Is there a
way to use the new session data?
Thanks,
Jeff.
2007 Dec 04
5
when to save, session reflect saves?
I am trying to clean up unnecessary lines (even as I hack my way forward
adding more garbage)
I have two questions on lines I have trying to keep the database and
session info reflecting changes:
def associate_pupil_to_teacher
  @teacher = session[:teacher]
  @pupil = Pupil.find(params[:id])
  @teacher.pupils << @pupil
  @teacher.save #Q1
  session[:teacher] = @teacher #Q2
end
#Q1 do i
2008 Mar 01
15
before_filter strange behaviour on update and create
Hi,
I wrote an authentication script and I'm calling it like this in every
class:
class Blah < ApplicationController
before_filter :auth
def auth
req_perm = Permission.find_by_name("Permission Blah")
access = AccessController.new()
if access.is_logged_in(session.session_id)
if
!access.get_current_user(session.session_id).role.permissions.include?
req_perm
redirect_to
2007 Sep 18
10
Routes
hi all,
I want to move some routing tasks out of the router and into the
controller. The goal is to make Merb feel less like mod_rewrite and
give the user more control at the controller. The new Router is
simple: it takes the path_info (not the whole request) then outputs a
controller class and some parameters from the path matching. The rest
of the routing would be done at the controller level.
2010 Apr 14
35
Conditionally adding a link to a form -- how?
I've got two entities created by scaffolding: Expense & Vendor
In Expense#new there's a form with a Vendors-drop-down and a NewVendor-
button.
The latter button brings up Vendor#new.
The Create button in Vendor#new brings up Vendor#show with Edit & Back
links.
I want to append a third link conditionally to Vendor#show: if the
Expense#new form led to the Vendor#show