@state not being saved

Bluebie, Jenna blueberry at creativepony.com
Tue Jul 29 11:13:36 EDT 2008


Also worth noting that Camping includes its own session support.  
We're not using bits from Rails for sessions except for ActiveRecord  
itself, and then only if you're using ActiveRecord sessions. You  
might like to try the cookie sessions included in current Camping 2.0  
builds (Magnus has more info on where you can grab those gems) which  
don't depend on ActiveRecord, if your session data can fit in under  
a couple of KB. There's also an older though fully functional  
implementation of cookie sessions on the wiki for 1.5 by yours truly. :)

Essentially it works by storing the @state hash in a cookie, and  
digitally signing the data with an SHA hash of some sort, so while the  
user can see what's in their session if they're determined enough,  
they cannot tamper with it without knowing rather secret details about  
your server environment. You can also provide a custom key in your  
code for it to use for security bonus points. Without the key, so long  
as SHA isn't ever broken, they won't be able to tamper with the data  
without the server realizing and invalidating the session, starting  
them afresh. :)

I really hope the ActiveRecord crew sort this out before we get too  
close to releasing 2.0 officially! :)
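
The signed-cookie scheme described in this message, as an added example that is not Camping's code and not from the original post. It assumes HMAC-SHA256 as the signature (the post only says "an SHA hash of some sort") and JSON as the serialization; the `SignedCookie` module, its method names and the key are hypothetical.

```ruby
require "openssl"
require "json"

# Hypothetical helper illustrating the idea; not Camping's session code.
module SignedCookie
  module_function

  # Serialize the state hash and append a keyed tag over the payload.
  # (Standard base64 is used; a framework would still cookie-escape it.)
  def encode(state, secret)
    payload = [JSON.generate(state)].pack("m0")
    "#{payload}--#{sign(payload, secret)}"
  end

  # Return the state hash, or a fresh empty hash when the cookie is
  # missing, malformed, or its tag does not verify.
  def decode(cookie, secret)
    payload, tag = cookie.to_s.split("--", 2)
    return {} unless payload && tag
    return {} unless secure_equal?(tag, sign(payload, secret))
    JSON.parse(payload.unpack1("m0"))
  rescue ArgumentError, JSON::ParserError
    {}
  end

  def sign(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
  end

  # Compare without returning early at the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

SECRET = "constructed-demo-key" # constructed value; use a long random key
COOKIE = SignedCookie.encode({ "user_id" => 42, "admin" => false }, SECRET)

# The client can read the payload and rewrite it, but cannot recompute
# the tag without the key, so the server starts the session afresh.
FORGED = [JSON.generate({ "user_id" => 42, "admin" => true })].pack("m0") +
         "--" + COOKIE.split("--", 2).last

puts SignedCookie.decode(COOKIE, SECRET).inspect
puts SignedCookie.decode(FORGED, SECRET).inspect
```

The payload is only signed, not encrypted, so nothing secret belongs in the state hash.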

