On 3/22/07, Steve Longdo <[EMAIL PROTECTED]> wrote:
>
> Have an after_filter that adds a "single-use" token to the cookie after a
> request and a before_filter that checks for the "single-use" token when a
> user makes a new request.

1. I probably misunderstand your point, because I'm about to say something obvious. Requests that belong to the same session are not guaranteed to be sequential in any meaningful way.

2. The check you are talking about would have to check the session against SOMETHING. Something more specific than a single secret. I.e., a piece of server-side data that maps to the session. Which kills the rationale behind session-based cookies, no?

So, it looks like cookie-based sessions would only work for the same scenarios where "Remember my login on this computer" option without an opt out is acceptable.

Alex

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en
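
The two numbered points in the reply above, as an added Ruby sketch that is not part of the original thread and is not Rails code: an HMAC-signed cookie carrying a single-use token, checked once with no server-side record and once with a per-session record. `TokenApp`, `sign`, `verify`, `secure_eq`, `demo`, the `--` separator and the secret are hypothetical names and constructed values.

```ruby
require "openssl"
require "securerandom"
SECRET = "constructed-demo-secret" # constructed value, never a real key

def sign(payload)
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, payload)}"
end

# Constant-time comparison of two strings.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the payload when the cookie's HMAC is valid, nil otherwise.
def verify(cookie)
  payload, mac = cookie.to_s.split("--", 2)
  payload if mac && secure_eq(sign(payload), cookie)
end

class TokenApp
  def initialize(track_server_side:)
    @current = track_server_side ? {} : nil # session id => only valid token
  end
  # after_filter role: put a fresh single-use token into the signed cookie.
  def issue(sid)
    token = SecureRandom.hex(8)
    @current[sid] = token if @current
    sign("#{sid}:#{token}")
  end
  # before_filter role: returns [status, replacement_cookie].
  def request(cookie)
    payload = verify(cookie) or return [:forged, nil]
    sid, token = payload.split(":", 2)
    return [:rejected, nil] if @current && !secure_eq(@current[sid].to_s, token.to_s)
    [:ok, issue(sid)]
  end
end

def demo
  cookie_only = TokenApp.new(track_server_side: false)
  c = cookie_only.issue("s1")
  replay = [cookie_only.request(c)[0], cookie_only.request(c)[0]]
  tracked = TokenApp.new(track_server_side: true)
  c = tracked.issue("s1")
  # Two requests in flight at once (page plus image) carry the same cookie.
  parallel = [tracked.request(c)[0], tracked.request(c)[0]]
  { replay_cookie_only: replay, parallel_tracked: parallel }
end
```

With only the signing secret, the same cookie is accepted twice; with the per-session record, the second of two legitimate parallel requests is rejected.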
