similar to: request.session_options broken?

I''m getting ready to put an app into production and I''ve found a strange issue that, as far as I know, shouldn''t be happening. To me this looks like it could be a bug, but I''m not sure and I''m hoping some one here can tell me if they''ve seen this before, or can idiot- check me in that hopefully it''s just something I''ve missed

Recently, I got this security vulnerability on my app: Ruby on Rails Multiple Method Session Fixation Synopsis : The remote web server is affected by a session fixation vulnerability. Description : The web server on the remote host appears to be a version of Ruby on Rails that supports URL-based sessions. An unauthenticated remote attacker may be able to

I''m working on an ecommerce site (in Rails 2.3) and I added: ActionController::Base.session_options[:secure] = true to ~/config/environments/production.rb Now, every time I add something to my shopping cart and navigate away I get a new session_id (which essentially empties my shopping cart). How can I get the continuity of my sessions back, while still having the session_id get set

I am having problem retrieving the value for variable request.session_options[:id] from my controller. Though the same returns a proper value when accessed through a view. I am not able to understand why it is happening. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

How do I display, in breakpointer for example, session.session_key or session.session_expires ?? The only one that works is session.session_id for some reason. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060517/d99e0837/attachment-0001.html

We''re going to have problems keeping cookies across domains. We want people to shop in one domain (e.g. "booksareus.com") and then checkout on the same server securely under a different domain (e.g. "greatbooks.com"). When we make the jump to the secure domain (the checkout link) can we submit the user''s session ID along with it and have it

Hi all - I am trying to get rails to use memcache for sessions and fragment caching. I''d also like to use the same connection for general caching of this and that. I''m following the instructions here: http://wiki.rubyonrails.com/rails/pages/HowtoChangeSessionStore and hitting a brick wall. I''m using the new memcache-client since from what I''ve read

Posted this on stack overflow earlier today here<http://stackoverflow.com/questions/13673969/rails-3-2-session-id-nil-until-next-request>, I really either don''t know what I''m doing, or I don''t understand how sessions are supposed to work! I''m connecting to rails from an Air app and communicating with JSON only. When the client sends a login request,

Courtesy of The Robot Co-op. $ yes | sudo gem install cached_model Or, you can download cached_model and memcache-client (our zippy-fast memcache library, required) from: http://rubyforge.org/frs/?group_id=1266 I don''t have the README posted for making cached_model work online yet, so here it is: = CachedModel Rubyforge Project: http://rubyforge.org/projects/rctools/ == About

Hi, i need that all the subdomains of an app (using subdomain_fu) use ''.domain.com'' as domain for all cookies. I''ve set ActionController::Base.session_options[:domain] = ''.domain.com'' and it works...for just the session... how can i set this also for common cookies ? (created with cookies[:name] = {:value => value, :expires => 6.months.from_now} )

When I run my rake test:units I get the following: DEPRECATION WARNING: Disabling sessions for a single controller has been deprecated. Sessions are now lazy loaded. So if you don''t access them, consider them off. You can still modify the session cookie options with request.session_options.. (called from C:/Users/Wayne/ Documents/Aptana Studio/chores/app/controllers/

Could someone please elaborate on the technical differences and practical impact of whether choosing memory-based tables in MySQL or using memcached. I got this far on my own: It seems that MySQL uses the NDB engine for transaction-safe memory access in a cluster. the memory storage engine seems to be faster but not synchronizable by any means in a cluster. memcached seems to be ultimately fast

Hi, I''m trying to make a simple shopping cart, where I want to maintain state when a use logs in from different location. Consider the following : 1. ''foo'' logs in from home pc and add ''bar'' item to the cart. 2. ''foo'' goes to office and logs in from office PC. 3. Now I want only one session for ''foo'', so that when

I''m having a problem switching from cookie sessions (the default) to active record sessions. I''ve created the sessions table via the rake task, uncommented the line config.action_controller.session_store = :active_record_store in my environment.rb file, cleared out my browsers cookies, restarted the server (natch), but still the it''s using cookie_store instead of

I am using the restful authentication plugin and am always prompted to login if a different subdomain is accessed. I have found a couple rails "solutions", but none of them seem to work: # development.rb 1. ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = ".localhost" 2. ActionController::Base.session_options[:key] = ".localhost" Does anyone

Hello all, I am new on the rails list, having signed up today, but I am in the midst of some sticky business getting rails to go on my linux system. I am running Fedora Core 4, with Ruby 1.8.4 and Apache 2.0.54. I have setup the chapter 4 tutorial from the "agile book" and everything works absolutely perfectly using Webrick. I got rails 1.1.3 from ruby gems, and since have done an

I''m having an issue with ARsessions... I have a rails app AND a merb app both under the same domain... I have redirects working for this to be seamless... however, the session started on merb is different than the session started in the rails app... like so.. http://pastie.caboo.se/private/r1ar42qiaekrqjdt6y Any ideas why? The only difference I see, but dunno where to change this, is

I have tried all night trying to find a way to get the host name which is currently being used within my routes.rb file to do some case/when switching for specific domains such as this cgi = ActionController::CgiRequest.new(CGI.new) case cgi.domain(1) when /www/ map.connect '''', :controller => ''public'', :action => ''index'' when

Hello everyone, I did some initial tests and it seems that mongrel does not support byte-range requests. Is this correct? The reason I ask is that the iPhone requires byte-range requests to work in order to stream audio or video from a web server. Thanks in advance, alan

Is there any way to change the output of rake spec fails? The errors are just totally over the top ugly and not helpful. First of all the ruby -Ilib line always comes before each test and I find it distracting. But if an error occurs on something that is not nil it just gives me the entire contents of that object and that is no small matter when the object is a HTTP request response. Here is