similar to: Storing an order object in a cookie based session

Hello all, I get the following error when I stuff my seesion with more than 4k of data. CGI::Session::CookieStore::CookieOverflow My problem is that I obviously need a fatter session. How do other users by-pass the 4k restriction on session variables? Regards, John --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups

Folks, I am trying to upgrade system from rails 1.3.x to 2.3.2 and getting this error - Status: 500 Internal Server Error ActionController::Session::CookieStore::CookieOverflow /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/ session/cookie_store.rb:102:in `call'' /usr/lib/ruby/gems/1.8/gems/actionpack-2.3.2/lib/action_controller/ reloader.rb:9:in

This might be a solved issue, so I thought I''d ask. I''m trying to use SWFUpload with the cookiestore. I''m passing in the session_id variable through a POST parameter in the upload. I''ve verified that Flash is sending the POST params (Flash 9). I thought simply by setting cookie_only to false for that method, I would be able to get that to work.

All, There is an assertion in AWDWR that the in-memory session store is "too simplistic." However, I find myself nudged in this direction by the need to keep a non-serializable model attribute available in my session and the relative pain of implementing either a custom serialization scheme for the model in question (or a custom caching mechanism so that I can store my attribute

Hi I have a form for importing a csv file. With every entry in my CSV I do a delayed background call from a webservice and the result is then saved to my database. This is working great! Now I tried a CSV file with over 400 rows. After clicking import in my form it takes some time and then I get the following error message: ''ActionDispatch::Cookies::CookieOverflow''. But

Hi! Before Rails 2.0 is coming, I suggest not to make CookieStore the default session storage. It stores clear-text values on the client-side and the integrity check hash can be brute-force attacked. I understand that this has been set due to speed advantages, but I believe it''s better to make better security a default. I''ve written a blog post about this

Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would

I am storing an id in the session data. An action causes the id to change, however, the rendered action has not changed. The server returns a 304 Not Modified code and doesn''t return the cookie. With Rails 2.2.2, I believe it is using the CookieStore for sessions, so I expect the cookie to update. When I hit the site again, the old session data is used. Is there a way to use the new

Edge has a change in default behaviour where sessions are stored as cookies instead of in the file system. This was a pleasant surprise when I synced up, fired up my app, and nothing worked. Ah, life on the edge. I''m sure I''m just missing something, but I can''t get sessions to survive the first redirect. I added the following code to environment.rb, based on

Hi, I recently switched to the cookie session store for my rails app, and I am wondering how I can access some kind of unique identifier for each session between requests. It used to be (when I was using active record store) that the session id was set and that string didn''t change between requests. Now, of course, the session id does change between requests because that is where the

Is it possible to directly access session and cookie objects from within a Model? When I try to read the session object in my User Model I get the following error: NameError (undefined local variable or method `session'' for User:Class): I could pass attributes taken from the session into my method in the User Model, but this seems to go against DRY. -Lindsay -- Posted via

I would like to persist the user authentication between user sessions (basically a "remind me" by default). Sessions expire while cookies persist: why should I use a session for authentication and then another different cookie for the "remind me"? Can''t I simply store a cookie whith a token and use it for both authentication and persistence? -- Posted via

when setting it in my environment.rb config.action_controller.session = { :session_key => ''_myapp_session'', :secret => ''3a64394bb895f1f05e0c07f71127d93d'' } I cannot get it back in the script/console .. :session_key=>"_session_id" !!! why ? >> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS =>

Hi Hoping someone has had experience with this or can tell me where to start investigating. I''ve got a Rails app with Devise authentication running on a server cluster behind a load balancer, so requests to the website will alternately hit one server, or the other. My problem occurs when I try to register a new user. Everything goes fine, I get the confirmation email, I click the link,

i was hoping someone could point me to the place where rails is using the cookie to match the request to the session. i see some session logic in cgi/session, but i can''t seem to find where it actually uses the cookie. fyi, i''m asking because i''m having an issue where i set the user during login, but the redirect following the login is using (or creating) a different

I''ve been looking around for how to store the session ID in a cookie. The "Agile Web Development with Rails" books seems to indicate that this is done by default with Rails. But I don''t see a cookie being set in my browser. (yeah, they''re enabled) I poked through the RForum code to find something referencing "cookies" but nothing came up. Does

I''m trying to set the session cookie secure flag to true. I added the following to my environments/production.rb ActionController::Base.session_options[:secure] = true In the production mode I don''t see the set-cookie header in the server response (I''m using the Tamper Data Firefox tool to view the traffic). I tried removing all cookies, manually setting the domain

If a cookie has several items, and is encoded as JSON text as the value of the cookie, the order is actually apparent in the cookie''s text But if JSON.decode is used: ActiveSupport::JSON.decode(cookies[''item_list'']) and the result is actually in a hash, then the ordering is lost... Is it true that if the original JSON object has an array of hashes (1 key and 1

I have built a few sites with Rails, however I have been approached by a company wanting an e-commerce / online shop built. I would love to build one in rails with the knoweledge I now have. I have the agile book and the pickaxe book they are my reference guide. However there is virtually nothing on creating real world e-commerce sites in rails. They will be selling to both businesses and the

Searching gmane, I''ve found many discussions on the subject, but never a definitive answer. How can I make the session cookie (i.e., the cookie where rails keeps the session ID) persistent? -- Pazu