Displaying 20 results from an estimated 4000 matches similar to: "Cookie based session management problems"
2008 Jun 19
5
How do you create one session cookie for multiple subdomains
I am using the restful authentication plugin and am always prompted to
login if a different subdomain is accessed. I have found a couple rails
"solutions", but none of them seem to work:
# development.rb
1. ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key]
= ".localhost"
2. ActionController::Base.session_options[:key] = ".localhost"
Does anyone
2007 Mar 30
7
Some additional attacks on Cookie Session
Aside from the replay attacks discussed, there are some other attack
vectors on the cookie_session store.
I appreciate (and admire!) Jeremy's good humor on all of this:
> Planting the seed here led to quick ripening and plenty of pesticide.
> Thanks for the fish, all.
>
> jeremy
Anyway, here's what we came up with:
1. Brute Force
SHA512 can be computed _very_ fast.
2008 Feb 01
2
Turning off InvalidAuthenticityToken for a RESTful Service
Hi,
I was trying to write a RESTful service and was planning on testing
via tools such as cURL and the basic http libs. With the
InvalidAuthenticityToken piece that is turned on by default in Rails
2.0.2, I have to provide the token with each request. This is
something of a pain for a programmable client that may not make a GET
request before performing other actions, specifically POST, PUT and
2008 Apr 09
3
form_tag and form_for cause #protect_from_forgery errors
Hey All,
I'm trying to do a simple form_for (and I also get it with form_tag)
and I'm getting the following error:
ActionView::TemplateError (No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).) on line #2 of
users/new.fbml.erb:
1: <h1>Welcome To Courses, Let's Get
2008 Feb 09
1
how to check the config.action_controller.session options ?
when setting it in my environment.rb
config.action_controller.session = {
:session_key => '_myapp_session',
:secret => '3a64394bb895f1f05e0c07f71127d93d'
}
I cannot get it back in the script/console ..
:session_key=>"_session_id" !!!
why ?
>> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
=>
2009 Oct 13
1
config.action_controller.session[:secret] vs protect_from_forgery :secret
What I want to do is share the same session across many Rails applications.
All of them are using Rails 2.2.2. I know that, to share the session, it's
(supposedly) just a matter of sharing the same key and secret among the
apps, like this:
config.action_controller.session = {
:session_key => '_apps_session',
:secret =>
2008 Jan 06
8
ActionController::InvalidAuthenticityToken
Ruby noob here.
Just installed Rails 2.0, and am having trouble with updating DB
tables, using the ApplicationController.
My ApplicationController file looks like:
class StoryController < ApplicationController
protect_from_forgery :only =>
[:create, :update, :destroy]
scaffold :story
#def index
#@current_time = Time.now
#@story =
2008 Sep 15
2
wine handles an app weirdly in ubuntu 8.04
I have a little Windows app which under Windows does not require
installation. When started the first time, it creates in its own
directory three files with desired configuration options I choose at that
time. The next time started it simply uses those files.
I copied the folder with the app and old config files to my Ubuntu 8.04
desktop and here's what I have.
1. If I open the app folder in
2007 Aug 15
5
Misc notes concerning view_paths
Hi all,
I've been playing in the trunk with putting stuff in different dirs
to keep files from a reusable framework separate from the app files.
Here are a few considerations regarding the view_paths setting:
config.view_path is used to set both action_controller.view_paths and
action_mailer.template_root. We get some buggy/unexpected behavior
here because
2006 Nov 21
3
Fw: re. win32-process
Hi all,
Any ideas for the question below? I know how to do this in theory - make the 'inherit' flag true, and set the 'stdout' and 'stderr' startf_flags hash options to something in the startup_info hash, but I wasn't sure how to do this in practice.
It would be nice if the answer could be something like this:
require
2023 Jun 07
1
Listen to ARI events
On Wed, Jun 7, 2023 at 10:46 AM TTT <lists at telium.io> wrote:
> I’ve reread the documentation a few times, and what isn’t clear is whether
> I need an app=X parameter in the url. In other words, can I only get
> events for a single named Stasis app? Or can I get events for the entire
> Asterisk server?
>
>
>
> The command below (without app= parameter) results in
2011 Jan 09
4
[ win32utils-Bugs-28840 ] wrong process_id is returned if using create multiple times for IE
Bugs item #28840, was opened at 2011-01-09 16:55
You can respond by visiting:
http://rubyforge.org/tracker/?func=detail&atid=411&aid=28840&group_id=85
Category: win32-process
Group: None
Status: Open
Resolution: None
Priority: 3
Submitted By: Jarmo Pertman (juuser)
Assigned to: Nobody (None)
Summary: wrong process_id is returned if using create multiple times for IE
Initial Comment:
2006 Jan 17
15
legacy database and finder_sql nightmare!
This is my first rails app with a legacy database and I'm having a
terrible time getting the models set up correctly. I have an order
table that has a primary field named order_number. I have a name table
with a primary of item_number. These two tables are linked by the
item_number and the order_number, but not as you might think. If the
order_number is 2500, then each entry in
2009 Feb 19
1
Switching to ActiveRecord Session Store
I'm having a problem switching from cookie sessions (the default) to
active record sessions.
I've created the sessions table via the rake task, uncommented the
line
config.action_controller.session_store = :active_record_store
in my environment.rb file, cleared out my browser's cookies, restarted
the server (natch), but still it's using cookie_store instead of
2007 Dec 23
3
InvalidAuthenticityToken problems with my login form
I am trying to convert my code and to use the new Rails 2.0 feature
RequestForgeryProtection
but I get an InvalidAuthenticityToken error, right from the beginning
with my login form..
I followed the recommendations:
in my environment.rb
config.action_controller.session = {
:session_key => 'myappname',
:secret =>
2006 Apr 14
3
[ win32utils-Bugs-4101 ] create hash param
Bugs item #4101, was opened at 2006-04-14 11:27
You can respond by visiting:
http://rubyforge.org/tracker/?func=detail&atid=411&aid=4101&group_id=85
Category: win32-process
Group: None
Status: Open
Resolution: None
Priority: 3
Submitted By: Nobody (None)
Assigned to: Nobody (None)
Summary: create hash param
Initial Comment:
hi,
problem with process, when I do
pid = Process.create(
2007 Oct 03
2
active_record_store sessions does not pass a :secret to #protect_from_forgery in Rails 2.0.0 Preview
After switching to active_record_store to host sessions, I now get the
following errors:
ActionController::InvalidAuthenticityToken in Pages#edit
Showing app/views/pages/edit.html.erb where line #5 raised:
No :secret given to the #protect_from_forgery call. Set that or use a
session store capable of generating its own keys (Cookie Session
Store).
Extracted source (around line #5):
2:
3:
2008 Jan 03
1
help - updated from 1.2.5 to 1.2.6 and getting undefined method 'session=' for ActionController::base
i start the server but it exits right away,
I ran the rake to update and changed the version string in config.rb.
Any thoughts on this matter would be appreciated.
i imagine that it has something to do with the session, but i am not
able to figure it out.
my config/config.rb has the following
config.action_controller.session = {
:session_key => 'c3_rails_session',
2008 Oct 10
17
authenticity_token sent, still InvalidAuthenticityToken
Hi!
To send the authenticity token from flex back to the server, I followed
this:
http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/
I have two controllers in my rails app. The method described in the link
above works with the actions in one controller, but does not work with
the other.
The controller which does not work has just one action which performs a
file
2007 Jul 21
3
managing rescues
What's the recommended way to catch errors like this:
NoMethodError in Register#confirm
Showing app/views/register/confirm.rhtml where line #4 raised:
undefined method `namen' for nil:NilClass
I get this error when someone does something like:
http://.........../register/confirm?email=jkdsfadslkjflksd
If I make:
remail = params[:email]
@user = Request.find(:first,