Did you already read the Ruby on Rails Security Guide in Rails Guides?
http://guides.rubyonrails.org/security.html
On Friday, July 5, 2013 6:10:28 AM UTC-4, ciaoda...@gmail.com wrote:
>
> Hello
>
> I'm learning RoR and I would like to know more about the sessions in RoR
>
> Can anyone give me a goo
unknown wrote in post #1114514:
> I'm learning RoR and I would like to know more about the sessions in RoR
>
> Can anyone give me a good example for a session in a web application? or
> good pages for learning?
> (not: http://ruby.railstutorial.org/ruby-on-rails-tutorial-book :P)
There's really
Hello
I'm learning RoR and I would like to know more about the sessions in RoR
Can anyone give me a good example for a session in a web application? or
good pages for learning?
(not: http://ruby.railstutorial.org/ruby-on-rails-tutorial-book :P)
Thanks
--
You received this message because yo
On Monday, February 4, 2013 1:14:05 PM UTC, Rafael Sales wrote:
>
> Hey guys,
> I have been facing a race condition in rails 2.3 session. The problem is
> well described here:
> http://www.paulbutcher.com/2007/05/race-conditions-in-rails-sessions-and-how-to-fix-them/
> I could
Hey guys,
I have been facing a race condition in rails 2.3 session. The problem is
well described here:
http://www.paulbutcher.com/2007/05/race-conditions-in-rails-sessions-and-how-to-fix-them/
I could reproduce the same scenario in rails 3.
Since this is not considered a problem for many and
On 26 April 2012 17:12, chinmoy wrote:
> I need help in sessions where I am trying to do a login form... can anyone
> tell me how to change the environment.rb or the session_store.rb files for
> using sessions?? Also I would like some further beyond this... anyone??
What problem are you having th
I need help in sessions where I am trying to do a login form... can anyone
tell me how to change the environment.rb or the session_store.rb files for
using sessions?? Also I would like some further beyond this... anyone??
I have some questions about session store; actually I'm using cookie
based authentication. But I need a way to know if someone is logged in
or not, so that's why I need DB store sessions, but my question is, is
there a way of making these sessions expire like cookies, or being
permanent as cookies? I
"Ruby on Rails 3 Tutorial" says,
==
This session object makes the user id available from page to page by
storing it in a cookie that expires upon browser close...
Because of the way Rails handles sessions this process is secure; if a
malicious user tries to spoof the user id, Rails will detect a
Hi all,
If I was to create a mobile app connecting to Michael Hartl’s tutorial
ROR3 application... in order for me to implement an “always remember
me” model, would a user just sign up once and get a token, and use
that same token every time the mobile app runs. Or do I save the
credentials and the
I'm sorry, I originally posted this topic on Rails-Deployment, but it's
evidently the wrong area.
I didn't want to, did that on distraction, sorry :)
Anyway, the original post was this below:
Hello!
I'm at my very first application in Rails, and I'm learning from Agile
Development with Rails.
I'
I'm interested in knowing whether a session is created by pages
requested by web crawlers and bots. I am using MySQL as the session
store and would like to prevent requests by web crawlers and bots from
creating unnecessary session entries.
There you go. Everything you need to learn about sessions and cookies is
right here.
http://guides.rubyonrails.org/action_controller_overview.html#session
http://m.onkey.org/signed-and-permanent-cookies-in-rails-3
http://oldwiki.rubyonrails.org/rails/pages/HowtoChangeSessionOptions
http://guides.ru
Any good tuts on Sessions in Rails 3?
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@goog
Hi *, my question is very simple, I must be going crazy for not being able to
do something like this ...
I've tried setting cookies with cookies.permanent[ :foo ] (both string and
symbol) and reading it after a redirect, but both cookies and cookies.permanent
are empty. I then tried in the old w
I'm looking at page 162 in *Agile Web Development with Rails* and in
there they do the following once they find that a user has logged in
with the right name and password:
- - -
def login
  if request.post?
    user = User.authenticate(params[:username], params[:password])
    if user
Hi all,
in my application I have to maintain the user information in session and
update the table flag when the user logs in, and while logging out I
change the flag to zero.
I want to delete the stale sessions, and while doing this I want to
perform operations on tables. How to do this?
Please let m
On Tue, Apr 27, 2010 at 9:56 AM, Peter De Berdt
wrote:
>
> That's irrelevant if the app in question depends on inactive sessions
> being expired.
>
> http://dev.rubyonrails.org/ticket/10751
Interesting but also irrelevant; recognizing a request for an expired
session is not the same as explicitly
On 27 Apr 2010, at 18:50, Hassan Schroeder wrote:
Well, if you're using the cookiestore for sessions, you don't have
to worry
about stale sessions anyway.
? How so?
Because the session data is kept in a cookie on the client side,
not on the
server in any way. The session is removed on the
On Tue, Apr 27, 2010 at 9:38 AM, Peter De Berdt
wrote:
> Well, if you're using the cookiestore for sessions, you don't have to worry
> about stale sessions anyway.
>
> ? How so?
>
> Because the session data is kept in a cookie on the client side, not on the
> server in any way. The session is rem
On 27 Apr 2010, at 18:13, Hassan Schroeder wrote:
Well, if you're using the cookiestore for sessions, you don't have
to worry
about stale sessions anyway.
? How so?
Because the session data is kept in a cookie on the client side, not
on the server in any way. The session is removed on t
On Tue, Apr 27, 2010 at 8:56 AM, Peter De Berdt
wrote:
> Well, if you're using the cookiestore for sessions, you don't have to worry
> about stale sessions anyway.
? How so?
--
Hassan Schroeder hassan.schroe...@gmail.com
twitter: @hassan
On 27 Apr 2010, at 17:44, Andy Jeffries wrote:
In my application, I have a login form. While logging into the application
I am maintaining the details in session. I want to remove the stale
sessions and while removing the stale sessions I want to perform some
operations on database. How to do this?
>
> In my application, I have a login form. While logging into the application
> I am maintaining the details in session. I want to remove the stale
> sessions and while removing the stale sessions I want to perform some
> operations on database. How to do this?
>
How are the sessions stored? The def
Hi all,
In my application, I have a login form. While logging into the application
I am maintaining the details in session. I want to remove the stale
sessions and while removing the stale sessions I want to perform some
operations on database. How to do this?
Regards,
Rajkumar
--
Posted via htt
Hello, I have a little question.
I want a user to edit or delete their comments. For this, I have this
code:
<% if post.usuario_id == session[:usuario_id] %>
  <%= link_to 'Editar', {:action => 'edit', :id => post.id} %>
<% end %>
You can see that post has a value "usuario_id" where the I m
The *Agile Web Development with Rails* book has an explanation of
sessions that I am having trouble following.
Does anyone know of another good discussion of how Rails manages
sessions.
Specifically, in Firefox and Internet Explorer ... is each browser
window a session? Is each invocation of
I'm an experienced programmer, but new to Rails.
I would like to echo an unanswered question I've recently read
elsewhere.
Can anyone recommend an overview of get/post, cookies, sessions, etc.,
and how Ruby on Rails interacts with all of this?
I'm interested in understanding how to harden a Rails
I'm trying to make a simple quiz app, but I'm confused as to how to
work with sessions.
I have User table, Questions table. And I need to store the responses
of each questions by each user, so for example, user_id 2 answered
question_id 46 with choice 3.
Is a rich join table called for? Or shoul
I am dealing with a legacy db and I really don't want to add a sessions
table unless I have to.
I am just using default setup in Rails 2.3.2 and I don't see any
declarations regarding sessions in config/environment[.rb|s/]
so I put a <%= session.inspect %> in my layout and the first screen I go
Hi.
I found that sessions are disabled and can't login with restful_authentication.
Session and login works fine with "config.cache_classes = false" but
it doesn't work with "config.cache_classes = true".
It doesn't show any errors, but redirects to login page.
It seems to be post nothing.
Does
Hello,
I'm currently developing an application in which accounts are managed
by subdomains (foo.example.com,bar.example.com...). I was wondering
which is the best way to enable users to navigate through different
accounts. The options are:
1) Leave your subdomain and keep your session across mul
Hi Everyone,
I am now at the stage of logging a user in and monitoring the
session.
I have a new table, called sessions.
Now there are a couple of areas that get amended before I see the
error:
1 – in user_controller – in the register action, there is now a session
reference:
Session[:user] =
I have an online store I created and I've been saving a
"shopping_cart_id" in the session which references a data object.
I added "ssl_requirement" to the site and I put the Order Summary,
Checkout, and Confirm pages behind SSL. The only problem is that the
Order Summary page needs that session
In my application I need to track user's application state such as in
which city or category he/she is in and based on that I need to perform
a search.
I have 3 options. Use cookies, use sessions or use hidden fields.
Which one is the best choice in terms of performance and security. The
data
Hi guys, new here so bonjour..
Sorry if this question has been asked, but I had a good look and I'm
just generally confused about this at the moment!
I've been learning Rails for about 4 months now and I'm on to sessions
and more importantly where they're stored, I have "Agile web
development" and
When I deploy the application and set session variables in controller, I
get response in browser.
test_id = 2 and question_id = 1Content-Type: text/html; charset=utf-8
Set-Cookie: _paperclip_session=78f6281e39536254326432c524f3ace0; path=/
Status: 302 Found
Location: http://www..com/app/test/
I just upgraded to rails 2.3.2 from rails 1.2.x and one of the issues
was that I was getting an error of CookieOverflow.
Setup is Apache+Phusion+Rails 2.3.2+Mysql
So, I switched to active_record_store by uncommenting this line in
environment.rb and creating sessions table -
config.action_controll
Hi All,
I added a column to the sessions table called "created_at" in order to
allow the created time to be recorded.
However, different from other Models, the column does not update
automatically.
Therefore, what codes should I add to update the sessions."created_at"
value?
It is important fo
I figured it out! It was caching pages. I found a post to add this in
the element:
and everything looks to be working. Thanks for your input.
On Oct 16, 2:59 pm, gwgeller <[EMAIL PROTECTED]> wrote:
> Shandy,
> I've just spent some time looking through the production log. I
> noticed the
Shandy,
I've just spent some time looking through the production log. I
noticed the IE7 requests were sometimes erroring out because of
InvalidAuthenticityToken errors. But I know this happens when cookies
are turned off so if the IE7 sessions aren't working right this error
will probably exi
In IE7 i got 500 errors. Could it be that there might be puts statements
in your controller? I have found that that will wreak havoc on the app
sitting on our server and will usually give a 500 error. Also, you say
the session persists, are you resetting the session variable somewhere,
like whe
Shandy,
As far as I know, I'm not the only one working on the site, there
is not much going into the session, only text, no objects. Were you
getting an actual error? I don't get any errors.
I read about taking _ out of the session name, but that didn't work. I
noticed that our web address w
Command0, it only happens in IE7 and IE6 (the only two I've tested).
Safari, Firefox (windows and mac) work fine. Also remember everything
works fine in development mode for all browsers.
On Oct 15, 5:10 pm, command0 <[EMAIL PROTECTED]> wrote:
> Is this just happening in IE7? Can you replicate th
Do you have some code? I just upgraded from 1.2.x to 2.1.0 and discovered
the exact same thing. You won't by chance be putting a whole object into
a session? This is what I did and was getting an overflow error, or
something like that, I fixed it by placing only small amounts of data in
the ses
Rick,
That might work for logging out but it seems I'd still have the
problem of the session flaking out during the visit.
On Oct 15, 11:07 pm, Rick <[EMAIL PROTECTED]> wrote:
> I've noticed similar behavior on IE5 (I know, it's old, so am I:-)...
>
> I'm only running in development mode and te
I've noticed similar behavior on IE5 (I know, it's old, so am I:-)...
I'm only running in development mode and testing on Firefox, Safari,
Opera, and IE. The only way I can terminate a session on IE is by
deleting related cookies. The other browsers work fine. I typically
run through mongrel tho
Is this just happening in IE7? Can you replicate the issue in other
browsers like Chrome, Firefox, Safari, etc... ?
On Oct 15, 4:00 pm, gwgeller <[EMAIL PROTECTED]> wrote:
> Hello,
> We are developing in Rails 2.1.0 and serving the files with mongrels
> behind Apache. We are using SqlSessionStore
Hello,
We are developing in Rails 2.1.0 and serving the files with mongrels
behind Apache. We are using SqlSessionStore. Recently I noticed that
when logging into our site using IE7 the session doesn't persist in
some situations, and persists when it shouldn't.
For instance when I log in my info
49 matches