[Facebooker-talk] profile_user facebook tabs
Mike Mangino
mmangino at elevatedrails.com
Fri Jan 30 16:44:04 EST 2009
I would rather use tab_session or some other session name to make sure
it is clear that it is a different user. That way, you don't pull the
user information and accidentally give the viewing user the privileges
of the user they are viewing.
You could create a tab_session helper and build it only on tab pages.
Mike
On Jan 30, 2009, at 3:49 PM, Matthew Beale wrote:
> On Fri, 2009-01-30 at 13:54 -0500, Mike Mangino wrote:
>> The profile_user is the person whose tab is being viewed, right? Not
>> the viewer? If so, it seems wrong to secure a session with that user.
>>
>
> Nah, you need a session for someone :-). It's better than no session at
> all, and you have a chance to show some data about the hosting user.
> It's just a change of perspective to keep in mind while you write
> templates.
>
> I've also gotten feedback from a large number of users who use the tab
> for themselves anyway, it's weird but I try to keep a focus on both
> possible audiences.
>
> --
> Matthew Beale :: 607 227 0871
> Resume & Portfolio @ http://madhatted.com
>
>> Mike
>>
>> On Jan 30, 2009, at 10:58 AM, Matthew Beale wrote:
>>
>>> Hi all,
>>>
>>> I use the following monkey-patch on facebooker- it secures a session
>>> with fb_sig_profile_user for profile tabs.
>>>
>>> I can spec it out and add it to my fork:
>>>
>>> http://github.com/mixonic/facebooker/tree/master
>>>
>>> If secure_with_facebook_params feels like the right place for it.
>>> Thoughts? Thanks!
>>>
>>> -------------------------
>>> module Facebooker
>>>   module Rails
>>>     module Controller
>>>
>>>       # Overwrite secure to handle profile_user and profile_session_key params
>>>       #
>>>       def secure_with_facebook_params!
>>>         return unless request_comes_from_facebook?
>>>
>>>         if ['user', 'session_key'].all? {|element| facebook_params[element]}
>>>           @facebook_session = new_facebook_session
>>>           @facebook_session.secure_with!(facebook_params['session_key'], facebook_params['user'], facebook_params['expires'])
>>>         elsif ['profile_user', 'profile_session_key'].all? {|element| facebook_params[element]}
>>>           @facebook_session = new_facebook_session
>>>           @facebook_session.secure_with!(facebook_params['profile_session_key'], facebook_params['profile_user'], facebook_params['expires'])
>>>         end
>>>         session[:facebook_session] = @facebook_session
>>>       end
>>>     end
>>>   end
>>> end
>>> -----------------
>>>
>>> --
>>> Matthew Beale :: 607 227 0871
>>> Resume & Portfolio @ http://madhatted.com
>>>
>>
>> --
>> Mike Mangino
>> http://www.elevatedrails.com
>>
>>
>>
>
>
--
Mike Mangino
http://www.elevatedrails.com
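
Added example, not part of the thread and not Facebooker code: one way to keep the tab owner's identity apart from the viewer's, along the lines of the tab_session helper suggested above. `Identity`, `RequestContext` and `can_edit?` are hypothetical names; the parameter keys are the ones used in the quoted patch.

```ruby
# Added illustration, not Facebooker code. Identity, RequestContext and
# can_edit? are hypothetical; the parameter keys come from the quoted patch.
Identity = Struct.new(:uid, :session_key, :expires)

class RequestContext
  VIEWER_KEYS = %w[user session_key].freeze
  TAB_KEYS    = %w[profile_user profile_session_key].freeze

  def initialize(facebook_params)
    @params = facebook_params
  end

  # The person making the request. Only ever built from user/session_key.
  def facebook_session
    @facebook_session ||= build(VIEWER_KEYS)
  end

  # The owner of the profile tab being rendered. Use for display data only.
  def tab_session
    @tab_session ||= build(TAB_KEYS)
  end

  # Authorization consults the viewer alone; the tab owner's id never grants rights.
  def can_edit?(owner_uid)
    !facebook_session.nil? && facebook_session.uid == owner_uid.to_s
  end

  private

  # Returns an Identity only when both the uid and the session key are present.
  def build(keys)
    uid, key = keys.map { |k| @params[k] }
    return nil if uid.nil? || key.nil?
    Identity.new(uid.to_s, key, @params['expires'])
  end
end

# Constructed sample: a tab request that carries only the profile owner's values.
TAB_REQUEST = { 'profile_user' => '1001', 'profile_session_key' => 'k-owner',
                'expires' => '0' }.freeze
# Constructed sample: a request from a logged-in viewer.
CANVAS_REQUEST = { 'user' => '2002', 'session_key' => 'k-viewer',
                   'expires' => '0' }.freeze

tab = RequestContext.new(TAB_REQUEST)
puts tab.tab_session.uid     # owner data is available for rendering
puts tab.can_edit?('1001')   # the viewer still gets none of the owner's rights
```
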