similar to: Session data and 304 Not Modified HTTP code

Displaying 20 results from an estimated 30000 matches similar to: "Session data and 304 Not Modified HTTP code"

2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would
2008 Jan 20
3
CookieStore and Session data via POST vars (no cookies)
This might be a solved issue, so I thought I'd ask. I'm trying to use SWFUpload with the cookiestore. I'm passing in the session_id variable through a POST parameter in the upload. I've verified that Flash is sending the POST params (Flash 9). I thought simply by setting cookie_only to false for that method, I would be able to get that to work.
2007 Mar 30
0
Storing an order object in a cookie based session
I have a simple e-commerce store and am running into a problem with the edge rails cookie based sessions. What I am trying to do is make the customer fill in their info, and click "Review my Order". The order object is constructed, and stored in the session (if it passes validation). The is sent to another page where they can confirm all their info and press the "finalize
2008 Jul 09
3
CookieOverflow - 4k Session?
Hello all, I get the following error when I stuff my session with more than 4k of data. CGI::Session::CookieStore::CookieOverflow My problem is that I obviously need a fatter session. How do other users by-pass the 4k restriction on session variables? Regards, John
2009 Sep 25
0
Authentication with Cookies instead of CookieStore Sessions
I would like to persist the user authentication between user sessions (basically a "remind me" by default). Sessions expire while cookies persist: why should I use a session for authentication and then another different cookie for the "remind me"? Can't I simply store a cookie with a token and use it for both authentication and persistence?
2010 Nov 25
4
Devise sessions and load-balanced/multiple servers
Hi Hoping someone has had experience with this or can tell me where to start investigating. I've got a Rails app with Devise authentication running on a server cluster behind a load balancer, so requests to the website will alternately hit one server, or the other. My problem occurs when I try to register a new user. Everything goes fine, I get the confirmation email, I click the link,
2008 Feb 09
1
how to check the config.action_controller.session options ?
when setting it in my environment.rb config.action_controller.session = { :session_key => '_myapp_session', :secret => '3a64394bb895f1f05e0c07f71127d93d' } I cannot get it back in the script/console .. :session_key=>"_session_id" !!! why ? >> ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS =>
2008 Dec 25
2
Switching to active_record_store session management errors out
Hello, Running Ruby 1.8.6 and Rails 2.2.2 against an Oracle XE database (sigh). I just upgraded Rails from 1.2.3 to 2.2.2, which made my cookie based system for storing session information to error out due to the 4Kb limit. So, I tried to turn on the active_record_store system by uncommenting out the "config.action_controller.session_store = :active_record_store" line in
2009 May 20
1
Problem on rack_setup
I'm having problems trying to set up facebooker on a Rails 2.3.2 project using :active_record_store for cookies. The problem happens because of this commit: http://github.com/mmangino/facebooker/commit/308770447db06433e505aaf27db2614cee213cc2 That code is trying to add the Rack::Facebook to the dispatch chain after ActionController::RewindableInput or
2009 Feb 19
1
Switching to ActiveRecord Session Store
I'm having a problem switching from cookie sessions (the default) to active record sessions. I've created the sessions table via the rake task, uncommented the line config.action_controller.session_store = :active_record_store in my environment.rb file, cleared out my browser's cookies, restarted the server (natch), but still it's using cookie_store instead of
2013 Jul 14
2
Rails 4: Session Expiry?
I've been Googling this question for the past few hours, and I think it's time I simply ask this question myself. I just made the switch from Rails 3.2 to Rails 4. I'm trying to make sure I'm as up-to-speed as possible on security issues, and I'm concerned about sessions right now. It looks like Rails 4 has moved away from supporting really
2008 Apr 02
1
facebooker plugin!?
I'm trying to create a facebook application but I have no success. I either get one of those two errors depending on which revision of the plugin I use: CGI::Session::CookieStore::TamperedWithCookie (Using plugin from directory) or ActionView::TemplateError (Session key invalid or no longer valid) (Using plugin from a week ago or so). Has anyone successfully gotten an app that as to
2012 Feb 26
0
Served asset /application.css - 304 Not Modified
Hi I am thinking to hide warning that is "Served asset /application.css - 304 Not Modified". How can I fix something if I change the settings? I've run that is less than server: rails new myapp cd myapp rake db:migrate rails s client: http://localhost:3000/books warning: Started GET "/assets/books.css?body=1" for 127.0.0.1 at 2012-02-26 14:48:35 +0900 Served asset /books.css
2007 Nov 20
29
Don't make cookie-stored sessions a default
Hi! Before Rails 2.0 is coming, I suggest not to make CookieStore the default session storage. It stores clear-text values on the client-side and the integrity check hash can be brute-force attacked. I understand that this has been set due to speed advantages, but I believe it's better to make better security a default. I've written a blog post about this
2014 Mar 10
0
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
Asterisk Project Security Advisory - AST-2014-001. Product: Asterisk. Summary: Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory: Denial Of Service. Susceptibility: Remote Unauthenticated Sessions. Severity: Moderate
2014 Mar 10
0
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
Asterisk Project Security Advisory - AST-2014-001. Product: Asterisk. Summary: Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory: Denial Of Service. Susceptibility: Remote Unauthenticated Sessions. Severity: Moderate
2007 Oct 05
8
Cookie session handling?
Hi, I and a few folks on #camping thought it would be nice to have either cookie based or file based session handling. This would eliminate the need for creating a sessions table in the database (or a sequence), which feels too heavy for a lightweight framework like Camping anyway. Plus, we can more easily avoid nasty adapter errors. :) The general consensus was to create a separate
2006 Jan 08
6
Persistent session cookies?
It seems Rails sessions by default only last, well, a browsing session. If the Rails app keeps track of logged-in state by sessions, that state doesn't survive restarting the browser. How best to change this behaviour, to make the session cookie live forever, or at least beyond browser restarts? It was suggested to me on IRC to combine sessions with code to generate a unique id and
2012 Oct 30
0
Can't set a secure session cookie
I'm trying to set the session cookie secure flag to true. I added the following to my environments/production.rb ActionController::Base.session_options[:secure] = true In the production mode I don't see the set-cookie header in the server response (I'm using the Tamper Data Firefox tool to view the traffic). I tried removing all cookies, manually setting the domain
2006 Apr 18
1
'depot' app, trouble with session / cookies
Many of you probably know the 'depot' app from the 'Agile Rails development' book. When the view changes from 'Store' to 'display_cart,' a session containing the shopping-cart (:cart) is supposed to maintain the 'cart' between calls, but when the display_cart stub view shows up, I have always ZERO elements