similar to: CookieStore and Session data via POST vars (no cookies)

Displaying 20 results from an estimated 400 matches similar to: "CookieStore and Session data via POST vars (no cookies)"

2008 Feb 09
1
how to check the config.action_controller.session options ?
when setting it in my environment.rb config.action_controller.session = { :session_key => '_myapp_session', :secret => '3a64394bb895f1f05e0c07f71127d93d' } I cannot get it back in the script/console .. :session_key=>"_session_id" !!! why ? >> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS =>
2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would
2009 Sep 25
0
Authentication with Cookies instead of CookieStore Sessions
I would like to persist the user authentication between user sessions (basically a "remind me" by default). Sessions expire while cookies persist: why should I use a session for authentication and then another different cookie for the "remind me"? Can't I simply store a cookie with a token and use it for both authentication and persistence?
2007 Nov 26
0
Patch: more secure secret key generation for CookieStore
I've created a patch for generating a more secure default secret key for CookieStore: http://dev.rubyonrails.org/ticket/10286 I'm looking for +1s, please review/comment on my patch.
2008 Jul 09
3
CookieOverflow - 4k Session?
Hello all, I get the following error when I stuff my session with more than 4k of data. CGI::Session::CookieStore::CookieOverflow My problem is that I obviously need a fatter session. How do other users by-pass the 4k restriction on session variables? Regards, John
2004 Aug 06
3
Dynamic playlist support
Hello everyone, Just curious if ices supports dynamic playlists... I would like to generate one on the fly based on user requests etc. I'm starting to go through icedj's source code to see how they use shout. I'd just use that, but I'm having trouble with shout. Thanks, Sujal -- ---- Sujal Shah --- sujal@sujal.net --- http://www.sujal.net Now Playing:
2004 Aug 06
2
Dynamic playlist support
Asymmetric wrote: [SNIP] > > I don't know (don't use ices) but I thought I should inform you.. taking > user requests may cause you to violate the RIAA rules regarding that > topic, depending on how you handle it. Be careful. ;) > It's for my office... I'd love to play my CDs on my radio, but it would disturb those that don't like my music. Some do, so
2009 Nov 05
0
config.action_controller.session_options[:cookie_only] = true
Recently, I got this security vulnerability on my app: Ruby on Rails Multiple Method Session Fixation Synopsis : The remote web server is affected by a session fixation vulnerability. Description : The web server on the remote host appears to be a version of Ruby on Rails that supports URL-based sessions. An unauthenticated remote attacker may be able to
2008 Apr 02
1
facebooker plugin!?
I'm trying to create a facebook application but I have no success. I either get one of those two errors depending on which revision of the plugin I use: CGI::Session::CookieStore::TamperedWithCookie (Using plugin from directory) or ActionView::TemplateError (Session key invalid or no longer valid) (Using plugin from a week ago or so). Has anyone successfully gotten an app that as to
2009 Apr 20
1
Upgrading rails to 2.3.2 - CookieOverflow issue
Folks, I am trying to upgrade system from rails 1.3.x to 2.3.2 and getting this error - Status: 500 Internal Server Error ActionController::Session::CookieStore::CookieOverflow /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/ session/cookie_store.rb:102:in `call' /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/ reloader.rb:9:in
2009 May 20
1
Problem on rack_setup
I'm having problems trying to set up facebooker on a Rails 2.3.2 project using :active_record_store for cookies. The problem happens because of this commit: http://github.com/mmangino/facebooker/commit/308770447db06433e505aaf27db2614cee213cc2 That code is trying to add the Rack::Facebook to the dispatch chain after ActionController::RewindableInput or
2007 Nov 20
29
Don't make cookie-stored sessions a default
Hi! Before Rails 2.0 is coming, I suggest not to make CookieStore the default session storage. It stores clear-text values on the client-side and the integrity check hash can be brute-force attacked. I understand that this has been set due to speed advantages, but I believe it's better to make better security a default. I've written a blog post about this
2010 Nov 25
4
Devise sessions and load-balanced/multiple servers
Hi Hoping someone has had experience with this or can tell me where to start investigating. I've got a Rails app with Devise authentication running on a server cluster behind a load balancer, so requests to the website will alternately hit one server, or the other. My problem occurs when I try to register a new user. Everything goes fine, I get the confirmation email, I click the link,
2001 Sep 19
2
Coda and Ext3
Hi everyone, The Linux Coda drivers and the ext3 patches don't seem to get along very well, at least in Linux 2.4.7. I've got a stock 2.4.7 kernel with a patch applied to the USB drivers (for a sony digital camera; see http://www.sujal.net/tech/linux/ just a change in unusual_devs.h). After I applied the ext3 patches from http://www.uow.edu.au/~andrewm/linux/ext3/ . Basically,
2010 Dec 15
2
Error reverse engineering MySQL with RMRE
Hi I have been trying in vain to auto-gen models by reverse-engineering mysql using RMRE. It complains mysql2 gem missing but as seen in my Rails environment below, it is there. Here's my Rails environment and RMRE error. Experts... please help! Thanks a ton in advance!! === Ruby version 1.9.2 (x86_64-linux) RubyGems version 1.3.7 Rack version 1.2 Rails version 3.0.3 Active Record
2007 Mar 30
0
Storing an order object in a cookie based session
I have a simple e-commerce store and am running into a problem with the edge rails cookie based sessions. What I am trying to do is make the customer fill in their info, and click "Review my Order". The order object is constructed, and stored in the session (if it passes validation). The is sent to another page where they can confirm all their info and press the "finalize
2010 Feb 09
4
Rails3 pre and protect_from_forgery
I've almost entirely converted a rails 2.3.5 app to 3pre. I'm having some trouble with protect_from_forgery. I had protect_from_forgery set in application_controller.rb, but run some uploadify ajax stuff in one of my controllers, where I had protect_from_forgery, :except => :add_file set. In rails 3 I'm getting ActionController::InvalidAuthenticityToken on the ajax
2011 Apr 14
1
mixed model random interaction term log likelihood ratio test
Hello, I am using the following model model1=lmer(PairFrequency~MatingPair+(1|DrugPair)+(1|DrugPair:MatingPair), data=MateChoice, REML=F) 1. After reading around through the R help, I have learned that the above code is the right way to analyze a mixed model with the MatingPair as the fixed effect, DrugPair as the random effect and the interaction between these two as the random effect as well.
2009 Mar 20
0
Session data and 304 Not Modified HTTP code
I am storing an id in the session data. An action causes the id to change, however, the rendered action has not changed. The server returns a 304 Not Modified code and doesn't return the cookie. With Rails 2.2.2, I believe it is using the CookieStore for sessions, so I expect the cookie to update. When I hit the site again, the old session data is used. Is there a way to use the new
2008 Jan 21
1
shared sessions and rails2
Hi all How would you go about sharing a session between two rails2 applications? I am using restful_authentication. A point in the direction of some relevant blogs would also be a great help. Regards Ivor