[Rails] sessions without cookies
Tobias Luetke
tobias.luetke at gmail.com
Mon Jan 3 03:31:45 GMT 2005
Currently, if users manage to get to the view shopping cart page with
an empty shopping cart I tell them how to enable cookies.
Session info in the URL is too dangerous for a shop, I think. Someone
might post a link to a product on a board and everyone following this
link is logged with all user data available.
You can IP-restrict sessions but that still leaves people behind big
proxy servers vulnerable (i.e. AOL).
I added a small log entry so I'll be able to grep and see how often
this happens after my shop launches.
On Sun, 2 Jan 2005 21:22:03 +0100, Florian Weber <csshsh at structbench.com> wrote:
> hi!
>
> is anybody of you using sessions without cookies (with get parameters
> instead)?
>
> btw, what do you guys think, is it worth supporting users who have
> cookies disabled for a shop?
>
> ciao!
> florian
--
Tobi
http://blog.leetsoft.com
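
The trade-off described in the message above, as an added example that is not part of the original post: a toy Ruby session store that pins URL-carried sessions to the client IP, showing that the pin rejects a visitor from another network but not one who shares the owner's proxy address. The class name, the `session_id` parameter and the addresses are hypothetical.

```ruby
require "securerandom"

# Minimal in-memory session store (hypothetical, for illustration only).
# Sessions are looked up by an id carried in the URL and pinned to the
# client IP that created them.
class UrlSessionStore
  def initialize
    @sessions = {}
  end

  # Create a session for a user and return the id that would be put in links.
  def create(user, client_ip)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: user, ip: client_ip }
    sid
  end

  # Return the user for this session id, or nil when the id is unknown or
  # the request comes from a different IP than the one that created it.
  def lookup(sid, client_ip)
    session = @sessions[sid]
    return nil if session.nil?
    return nil unless session[:ip] == client_ip
    session[:user]
  end
end

# Constructed scenario: a shopper posts a product link that still carries
# the session id. Addresses are taken from the documentation ranges.
def shared_link_outcomes
  store = UrlSessionStore.new
  proxy_ip = "192.0.2.10"      # egress address shared by many proxy users
  other_ip = "198.51.100.7"    # visitor on an unrelated network

  sid = store.create("alice", proxy_ip)
  link = "/products/42?session_id=#{sid}"
  leaked_sid = link[/session_id=(\h+)/, 1]

  {
    owner:             store.lookup(leaked_sid, proxy_ip),
    unrelated_visitor: store.lookup(leaked_sid, other_ip),
    # The server sees the same source address as for the owner.
    same_proxy_user:   store.lookup(leaked_sid, proxy_ip)
  }
end

p shared_link_outcomes if __FILE__ == $PROGRAM_NAME
```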