ou so much for your insight, the magic of sessions is
becoming a lot clearer to me.
Frederick Cheung wrote:
> On Jun 10, 2:21�am, Skye Weir-Mathews wrote:
>> The thing that is confusing me is that, I have the :secure
>> session_option set, but when I go to an insecure
in the insecure parts of my application
but I definitely can't have both?
Frederick Cheung wrote:
> On Jun 8, 11:35�pm, Skye Weir-Mathews wrote:
>
>>
>> Is there a way to only pass the session_id over ssl, but have the rest
>> of the page be unencrypted?
>
&g
I added
ActionController::Base.session_options[:secure] = true
to ~/config/environments/production.rb
and now my app sets a different session_id cookie on every request to a
non ssl page, making the session useless.
If my session_id cookie is set by a request to a https page, and I stay
on http
I'm working on an ecommerce site (in Rails 2.3) and I added:
ActionController::Base.session_options[:secure] = true
to ~/config/environments/production.rb
Now, every time I add something to my shopping cart and navigate away I
get a new session_id (which essentially empties my shopping cart).
H
4 matches
Mail list logo
