Rails 2.0.2 broke non-cookie based session support @ Raymond Law

Rails 2.0.2 broke non-cookie based session support

Posted on March 10th, 2008 Raymond Law No comments

Non-cookie based session used to work with Rails 1.2.6. I just wasted a couple hours figuring this out. Some googling reveals Rails 2.0.2 broke this… WTF!?

From the Rails docs:

:cookie_only – if true (the default), session IDs will only be accepted from cookies and not from the query string or POST parameters. This protects against session fixation attacks.

But it doesn’t work!!!

Ruby on Rails, Web 2.0 cookie, rails, ruby, session

Leave a reply

Name (required)

Mail (will not be published) (required)

Website

Search

Archives

Recent Posts

Recent Comments

Blogroll

Categories

Apple (8)
Badminton (6)
Basketball (6)
Dealistic (2)
Entrepreneurship (3)
Football (3)
Game (3)
Git (3)
iPhone (2)
Mac (7)
OnMyList (5)
Random (24)
Ruby on Rails (29)
Soccer (1)
Test (1)
Uncategorized (3)
Web 2.0 (31)
Wii (3)
Wizards (6)

Recommend Me