similar to: Cookie based session management problems

I am using the restful authentication plugin and am always prompted to login if a different subdomain is accessed. I have found a couple rails "solutions", but none of them seem to work: # development.rb 1. ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = ".localhost" 2. ActionController::Base.session_options[:key] = ".localhost" Does anyone

Aside from the replay attacks discussed, there are some other attack vectors on the cookie_session store. I appreciate (and admire!) Jeremy''s good humor on all of this: > Planting the seed here led to quick ripening and plenty of pesticide. > Thanks for the fish, all. > > jeremy Anyway, here''s what we came up with: 1. Brute Force SHA512 can be computed _very_ fast.

Hi, I was trying to write a RESTful service and was planning on testing via tools such as cURL and the basic http libs. With the InvalidAuthenticityToken piece that is turned by default in Rails 2.0.2, I have to provide the token with each request. This is something of a pain for a programmable client that may not make a GET request before performing other actions, specifically POST, PUT and

Hey All, I''m trying to do a simple form_for (and I also get it with form_tag) and I''m getting the following error: ActionView::TemplateError (No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).) on line #2 of users/new.fbml.erb: 1: <h1>Welcome To Courses, Let''s Get

when setting it in my environment.rb config.action_controller.session = { :session_key => ''_myapp_session'', :secret => ''3a64394bb895f1f05e0c07f71127d93d'' } I cannot get it back in the script/console .. :session_key=>"_session_id" !!! why ? >> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS =>

What I want to do is share the same session across many Rails applications. All of them are using Rails 2.2.2. I know that, to share the session, it''s (supposedly) just a matter of sharing the same key and secret among the apps, like this: config.action_controller.session = { :session_key => ''_apps_session'', :secret =>

Ruby noob here. Just installed Rails 2.0, and am having trouble with updating DB tables, using the ApplicationController. My ApplicationController file looks like: class StoryController < ApplicationController protect_from_forgery :only => [:create, :update, :destroy] scaffold :story #def index #@current_time = Time.now #@story =

I have a little Windows app which under Windows does not require installation. When started the first time, it creates in its own directory three files with desired configuration options I choose at that time. The next time started it simply uses those files. I copied the folder with the app and old config files to my Ubuntu 8.04 desktop and here what I have. 1. If I open the app folder in

Hi all, I''ve been playing in the trunk with putting stuff in different dirs to keep files from a reusable framework separate from the app files. Here are a few considerations regarding the view_paths setting: config.view_path is used to set both action_controller.view_paths and action_mailer.template_root. We get some buggy/unexpected behavior here because

Hi all, Any ideas for the question below? I know how to do this in theory - make the ''inherit'' flag true, and set the ''stdout'' and ''stderr'' startf_flags hash options to something in the startup_info hash, but I wasn''t sure how to do this in practice. It would be nice if the answer could be something like this: require

On Wed, Jun 7, 2023 at 10:46 AM TTT <lists at telium.io> wrote: > I’ve reread the documentation a few times, and what isn’t clear is whether > I need an app=X parameter in the url. In other words, can I only get > events for a single named statis app? Or can I get events for the entire > Asterisk server? > > > > The command below (without app= parameter) results in

Bugs item #28840, was opened at 2011-01-09 16:55 You can respond by visiting: http://rubyforge.org/tracker/?func=detail&atid=411&aid=28840&group_id=85 Category: win32-process Group: None Status: Open Resolution: None Priority: 3 Submitted By: Jarmo Pertman (juuser) Assigned to: Nobody (None) Summary: wrong process_id is returned if using create multiple times for IE Initial Comment:

This is my first rails app with a legacy database and I''m having a terrible time getting the models set up correctly. I have an order table that has a primary field named order_number. I have a name table with a primary of item_number. These two tables are liked by the item_number and the order_number, but not as you might think. If the order_number is 2500, then each entry in

I''m having a problem switching from cookie sessions (the default) to active record sessions. I''ve created the sessions table via the rake task, uncommented the line config.action_controller.session_store = :active_record_store in my environment.rb file, cleared out my browsers cookies, restarted the server (natch), but still the it''s using cookie_store instead of

I am trying to convert my codeand to use the new Rails 2.0 feature RequestForgeryProtection but I get an InvalidAuthenticityToken error, right from the beginning with my login form.. I followed the recommandations : in my environment.rb config.action_controller.session = { :session_key => ''myappname'', :secret =>

Bugs item #4101, was opened at 2006-04-14 11:27 You can respond by visiting: http://rubyforge.org/tracker/?func=detail&atid=411&aid=4101&group_id=85 Category: win32-process Group: None Status: Open Resolution: None Priority: 3 Submitted By: Nobody (None) Assigned to: Nobody (None) Summary: create hash param Initial Comment: hi, problem with process, when I do pid = Process.create(

After switching to active_record_store to host sessions, I now get the following errors: ActionController::InvalidAuthenticityToken in Pages#edit Showing app/views/pages/edit.html.erb where line #5 raised: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store). Extracted source (around line #5): 2: 3:

i start the server but it exits right away, I ran the rake to update and changed the version string in config.rb. Any thoughts on this matter would be appreciated. i imagine that it has something to do with the session, but i am not able to figure it out. my config/config.rb has the following config.action_controller.session = { :session_key => ''c3_rails_session'',

Hi! To send the authenticity token from flex back to the server, I followed this: http://blog.dt.org/index.php/2008/06/rails-2-flex-3-and-form-authenticity-tokens/ I have two controllers in my rails app. The method described in the link above works with the actions in one controller, but does not work with the other. The controller which does not work has just one action which performs a file

What''s the recommended way to catch errors like this: NoMethodError in Register#confirm Showing app/views/register/confirm.rhtml where line #4 raised: undefined method `namen'' for nil:NilClass I get this error when someone does somethinh like: http://.........../register/confirm?email=jkdsfadslkjflksd If I make: remail = params[:email] @user = Request.find(:first,