StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PODisabling :cookie_only in the session store in Rails 3?
primarykey
Id
4384046
data
AcceptedAnswerId
4513045
AnswerCount
2
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2010-12-08T03:59:32.407
FavoriteCount
0
LastActivityDate
2015-02-08T05:32:59.747
LastEditDate
LastEditorUserId
0
OwnerUserId
510180
ParentId
0
PostTypeId
1
Score
1
ViewCount
1612
LastEditorDisplayName
text
Body
We have a Rails app which communicates with a PhoneGap-based iPhone app. We are in the process of upgrading the Rails app from Rails 2.3.5 to 3. Due to some issues getting PhoneGap to play nice with Rails's cookies, the Rails app (pre-upgrade) was configured with <code>:cookie_only</code> set to false: <pre><code>ActionController::Base.session = { :key => '_our_key', :secret => 'ourreallyreallylongsecret', :cookie_only => false } </code></pre> This configuration was translated to the following for Rails 3: <pre><code>OurApp::Application.config.session_store :cookie_store, :key => '_our_key' OurApp::Application.config.secret_token = 'ourreallyreallylongsecret' </code></pre> The problem is, I cannot figure out how to use the <code>:cookie_only</code> option in Rails 3. Now, I realize that setting <code>:cookie_only</code> to false is a really bad idea and leads to nasty session fixation exploits. We are certainly planning on fixing this in the future. However, the existing iPhone app relies on this behavior in order to function at all. So I need to be able to get the iPhone app to work for the short run while we overhaul the iPhone app's session stuff. Looking at the Rails source for <code>CookieStore</code>, it looks like they really don't want us to be able to use that option anymore: <pre><code>def initialize(app, options = {}) super(app, options.merge!(:cookie_only => true)) freeze end </code></pre> We monkey patched the Rails source to merge in <code>:cookie_only => false</code>, which did not work. We even went so far as to just directly set <code>@cookie_only = false</code> in <code>AbstractStore</code>'s <code>initilize</code> method, but it just got ignored. It seems as though the <code>CookieStore</code> implementation no longer honors <code>@cookie_only</code>. Is there really no way whatsoever to use this functionality in Rails 3? Any help would be GREATLY appreciated.
Tags
<ruby-on-rails><session><cookies><ruby-on-rails-3>
Title
Disabling :cookie_only in the session store in Rails 3?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USthefugal
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PODisabling :cookie_only in the session store in Rails 3?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COand here I was all ready to chime in with a description of session fixation attacks. good luck dude, sorry I can't help
 singulars
 PostPostId
 PODisabling :cookie_only in the session store in Rails 3?
 UserUserId
 USMatt Briggs

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.