Hi Campers,

From the discussions gathered around, the current Camping sessions
don't seem to be satisfying. ActiveRecord doesn't seem to handle
hashid as an identifier, plus it doesn't seem to be fully consistent
across the various RDBMS. On the other hand, the scope of the project
does not permit implementing all kinds of client persistence. Secure
sessions with cross-process persistence are not that easy. You probably
would like to link the session ids with the clients' IP or other
kind of magic to make sure that XSS attacks are not possible.

So here is what I propose: Camping will only provide an in-process
session store with no real security built-in. See it as a hack-ready
example that will allow you to make your internal apps work quickly
(aka no DB dependency). And for the more demanding, I hope that a
parallel project can be started that provides more serious sessions
(and other extensions?) handling.

Ah, and I have attached a working example of what it would look like
for peer-review.

-- 
Cheers,
  zimbatm

Attachment: session.rb
Description: Binary data
