[Rails] sessions without cookies
Carl Youngblood
carlwork at ycs.biz
Wed Jan 5 18:32:05 GMT 2005
Justin French wrote:
> All you need to do is bind the session to *something* constant on the
> client side... my current preferred method is to use the user agent
> string (even if it's empty, it really should remain constant).
> Tracking the IP address as well (and only resetting the session if
> both change) would also be an option.
>
> There's a bunch of other tricks in PHP which I'm sure apply to Rails
> as well. I learnt most of my PHP/Session/Security stuff off Chris
> Shiflett:
>
> http://shiflett.org/articles/the-truth-about-sessions
> http://shiflett.org/talks/phpworks2004/php-session-security
>
> Sorry to drag the dirty acronym (PHP) in here, but perhaps all this
> can be integrated into Rails?
Those were some good articles--thanks for sharing. And you don't need
to apologize about PHP. :-) It is a decent language that many of us
learned how to do web programming on, and I still think that good web
apps can be written with it. I prefer ruby/rails, but given the choice
between Java and PHP for web programming, I'd choose PHP any day.
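
Added example, not part of the original message and not Rails code: a plain-Ruby sketch of the binding described in the quoted text, where the session is tied to the User-Agent string and the IP address and is reset only when both change. The SessionBinding module, its method names and the sample requests are assumptions made for illustration.

```ruby
require 'digest'

# Hypothetical helper (not a Rails API): binds a server-side session hash to
# the client's User-Agent and IP, resetting only when both differ.
module SessionBinding
  module_function

  # An absent User-Agent is treated as the empty string, so it still has to
  # stay constant for the life of the session.
  def ua_digest(user_agent)
    Digest::SHA256.hexdigest(user_agent.to_s)
  end

  # Call once when the session is created.
  def bind!(session, user_agent, remote_ip)
    session[:bound_ua] = ua_digest(user_agent)
    session[:bound_ip] = remote_ip.to_s
    session
  end

  # Call on every request. Returns :ok, :drifted (one attribute changed,
  # session kept, worth logging) or :reset (both changed, session cleared).
  def verify!(session, user_agent, remote_ip)
    ua_changed = session[:bound_ua] != ua_digest(user_agent)
    ip_changed = session[:bound_ip] != remote_ip.to_s
    if ua_changed && ip_changed
      session.clear
      :reset
    elsif ua_changed || ip_changed
      :drifted
    else
      :ok
    end
  end
end

# Constructed sample requests (documentation-range addresses).
session = SessionBinding.bind!({ user_id: 42 }, 'ExampleBrowser/1.0', '192.0.2.10')
p SessionBinding.verify!(session, 'ExampleBrowser/1.0', '192.0.2.10')
p SessionBinding.verify!(session, 'ExampleBrowser/1.0', '198.51.100.7')
p SessionBinding.verify!(session, 'OtherClient/2.0', '203.0.113.5')
p session
```

The User-Agent header is supplied by the client, so a match is a weak signal; the check supplements an unguessable session ID rather than replacing it.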