Many Rails apps use the CookieStore method of storing sessions. The security of this method depends mainly on the security of the session secret key which is defined by default in config/environment.rb: config.action_controller.session = { :session_key => '_some_name_session', :secret => 'long secret key' } Most people i...
I have read a bunch of stuff saying that one con of using the cookie store in a Rails app is that the client can see the cookie data. However, I looked at the cookie data and it is encrypted. Is it relatively easy to decrypt the cookie data? ...
I have a couple users that are getting this CookieStore::CookieOverflow error. I'm suspicious of nginx/passenger because I just switched to that last week (from nginx/thin) and now these are happening. It's always a particular action, but it doesn't happen for all users. I checked to see what I'm storing in the session and I'm not sav...
I'm setting a cookie during http GET request of the .html pages with embedded images. I'm expecting the browser to return the cookies when getting all the embedded images, but apparently it does not happen for the first embedded image. Is this how it's supposed to work or am I missing something ? ...
Hello, I am currently experiencing a strange issue with our users being logged out. I haven't been able to reproduce it explicitly. The Rails application is using the default CookieStore. My initial hypothesis is that somehow the session data within the cookie, or even the cookie itself is being destroyed. This may be either from a use...
I'm developing an app using android 2.1. I have a problem with using session cookies to login to a RESTful web service. The code works fine on the emulator, but when I run it on my HTC Magic, the cookie logic doesn't work. I've confirmed that the magic is receiving cookies in the headers by listing them (see attached). Can anyone say wh...