Displaying 20 results from an estimated 20000 matches similar to: "Authentication with Cookies instead of CookieStore Sessions"
2008 Jan 20
3
CookieStore and Session data via POST vars (no cookies)
This might be a solved issue, so I thought I''d ask. I''m trying to use
SWFUpload with the cookiestore. I''m passing in the session_id
variable through a POST parameter in the upload. I''ve verified that
Flash is sending the POST params (Flash 9).
I thought simply by setting cookie_only to false for that method, I
would be able to get that to work.
2009 Oct 17
3
Security problems with CookieStore and CSRF protection
Dear Rails community,
As part of a programming languages/security research group at the
University of Maryland, we are building some static analysis tools for
Rails applications. These tools work by taking formally specified
properties of interest, and then analyzing code to verify that those
properties indeed hold. Using these tools, we found some security
vulnerabilities in Rails, and we would
2006 Feb 19
0
Re: can store array or hash in cookies?
Not a bug. A cookie is just a string. You can turn anything into a
string and store it in a cookie. Something very simple like the
following might work for you:
array_for_cookie = [1,4,5,7]
cookies[:foo] = array_for_cookie .to_s
array_from_cookie = cookies[:foo][1..-2].split('','')
(And if you are just storing a single integer in a cookie be sure to
turn it into a
2006 Jan 11
0
Cookies, models and nil objects
Still new in my ROR walk, been busily coding on a game application as a
fruitful exercise in becoming proficient in Ruby/ROR. However, I seem to
have hit a speed bump and am befuddled over some exhibited behavior in
ROR.
1. **Cookies** - on page 312 of the AWDwR book by DT and DHH, it states
that if you create a cookie by assigning a value to cookies[name], you
get a "default set of
2003 Oct 12
0
idea (and patch): connection cookies
I have an idea for a protocol extension to limit the exposure of the
complex crypto code in ssh servers. It's like tcp-wrappers, but based
on a secret token rather than IP address.
Patch against openssh-3.7.1p2:
http://nick.cleaton.net/openssh-cc-0.03.patch
Details
=======
The "Connection Cookies" mechanism is an unofficial ssh protocol
extension designed to prevent attackers
2009 Aug 20
0
Facebook cookies and cross domain sessions
Hi,
I wonder if can quiz anyone on how to solve a problem. I use our
Facebook app to take payments so we have to access our app outside of
the Facebook Canvas for a few controllers (and only minimally). We have
a system working fine and we have a token based login to ensure its the
same user on the external pages.
The problem is we want to perform an action, set some flash messages
and
2006 Jul 08
0
Testing cookies - integration tests
Hello,
I''m trying to test some cookie code with some integration tests, but I''m
not sure if this is possible.
Currently I''m creating a session (using open_session) running some code
that sets my cookie and this works fine, the cookie is being set. Now
cookies are supposed to exist across different sessions, so I try to
create a new session (again with
2006 Apr 18
1
''depot''app, trouble with session / cookies
Many of you probably know the ''depot'' app from the ''Agile Rails
development'' book.
When the view changes from ''Store'' to ''display_cart,'' a session
containing the shopping-cart (:cart) is supposed maintain the ''cart''
between calls, but when the display_cart stub view shows up, I have
always ZERO elements
2006 Apr 28
3
persistent cookies
hello,
I am trying to implement a "remember be" box for logins, however I cant
seem to get it to work. I have tried the following 2 methods but neither
seem to work. When i check the expiry time in firefox it always says "end
of session".
What is the proper way to handle this so the session cookie "_session_id"
doesnt expire for a year?
I tried
2006 Jan 08
6
Persistent session cookies?
It seems Rails sessions by default only last, well, a browsing session.
If the Rails app keeps track of logged-in state by sessions, that state
doesn''t survive restarting the browser.
How best to change this behaviour, to make the session cookie live
forever, or at least beyond browser restarts?
It was suggested to me on IRC to combine sessions with code to generate
a unique id and
2007 Aug 17
1
Cookie Sessions in Merb?
I like the cookie sessions that Rails edge has - they make sense,
they''re fast, easy.
For those that don''t know: the default session mechanism is to give
developers a Hash called session. To store this object between
requests it Marshals the session object and sends the object itself
(now as a bitstream) back to clients to store in their cookie file. To
prevent users from
2012 Sep 19
1
scraping with session cookies
Hi, I am starting coding in r and one of the things that i want to do is to
scrape some data from the web.
The problem that I am having is that I cannot get passed the disclaimer
page (which produces a session cookie). I have been able to collect some
ideas and combine them in the code below but I dont get passed the
disclaimer page.
I am trying to agree the disclaimer with the postForm and write
2008 May 17
4
Setting cookies in service overloader thingo
I''m implementing a simpler version of the Cookie Session Store in
Rails 2.0. If you know what that is, skip the next paragraph.
A cookie session store stores the session data inside cookies, on the
client, and signs them using a secret string, hashed together. The
user can decode the cookie easily if they know much about computers
and see what''s inside, but they
2012 Apr 25
8
showing error (gsub) when switching from session to cookies
I am newbie to rail. Trying to develop social networking site so working
with railspace application. Everything is working fine but I stuck in
the problem when i am giving the authorization tocken to the user to
remember him/her.
My Error and controller code is below
Error:-
private method `gsub'' called for 4:Fixnum
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/1.8/cgi.rb:342:in
2007 Oct 04
1
Cookies in RSpec
So how do you work with cookies properly in rspec now? I noticed in
the docs that it mentions session, assigns, and flash, but nothing of
cookie. I''m using edge rails so I''m concerned about changes to the
cookie mechanisms. I need to assign values into the cookie (a
remember token for restful authentication) so that I can have it log
in by cookie. here is my spec
2010 Nov 14
1
RCurl and cookies in POST requests
Hello.
I know that it's usually possible to write cookies to a cookie
file by removing the curl handle and doing a gc() call. I can do
this with getURL(), but I just can't obtain the same results with
postForm().
If I use:
curlHandle <- getCurlHandle(cookiefile=FILE, cookiejar=FILE)
and then do:
getURL(http://example.com/script.cgi, curl=curlHandle)
rm(curlHandle)
gc()
it's
2007 Jan 29
2
rspec and cookies
Hello
can anyone tell me how to test cookies using rspec? specifically, I''d like
to be able to set a cookie before a get/post request and also to test the
cookies which have been set by a get/post request
I know I can use cookies[:name] = ''value'' to set a cookie but how would I
set expiry information on such a cookie? when i try to pass a hash {:value
=>
2006 Jan 11
9
Prototype & Cookies
Has anyone written any "cookie" class using prototype?
Basically, what I am looking for is if there is an easy way to store mutiple cookies in a single cookie using hash or something - easy writing and retrieval (updating the cookie value).
For eg -
If I had 25 cookies for my domain 5 of the cookies would either get dropped or not be set (as there is a limit of 20 cookies per domain).
2001 Nov 15
2
X11 cookies and forwarding
I'm guess I wasn't following the whole cookies discussion completely
(putting cookies in /tmp to avoid putting them on NFS, etc.), but I
noticed today that with 2.9.9p2, if I use "ssh -X" to start a shell on the
server, in that shell XAUTHORITY is set to /tmp/ssh-XXXXXXXX/cookies and
there are cookies placed there there. These are the "fake" cookies for
the
2006 Nov 24
0
Maybe a bug in Cookie:cookies
Hi man,
Thank you very much for your good work.
I think there may be a bug in Mechanize 0.6.3. Cookie:cookies (cookie.rb:L83
)
@jar[domain].each_key do |name|
=> if url.path =~ /^#{@jar[domain][name].path}/
if @jar[domain][name].expires.nil?
cookies << @jar[domain][name]
elsif Time.now <