On 25 April 2012 11:52, Frederick Cheung <[email protected]> wrote:
>
> On Apr 25, 5:15 am, "Amir Z." <[email protected]> wrote:
>> Please find my login code below.
>>
>> cookies[:authorization_token] = { (line no. 27)
>> :value => user.authorization_token, (line no. 28)
>> :expires => 10.years.from_now } (line no. 29)
>
> Cookie values should be strings, not integers. Also since you've set
> authorization_token to just be the user id, this allows any user to log
> in as any other user just by modifying the value of this cookie and
> guessing a user_id

Why is it I only know the answers to the easy questions I wonder.

Colin
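
The weakness described in the quoted reply, shown next to a hardened alternative, as an added example that is not code from this thread. The in-memory user list, the method names and the 64-hex-character token format are assumptions for illustration; in a Rails app the digest would live in a column on the users table.

```ruby
require "securerandom"
require "openssl"

# Constructed sample data standing in for the users table (hypothetical).
User = Struct.new(:id, :name, :token_digest)
USERS = [User.new(1, "admin"), User.new(2, "amir"), User.new(3, "colin")]

def digest(token)
  OpenSSL::Digest::SHA256.hexdigest(token.to_s)
end

# Weak scheme from the thread: the cookie value is just the user id.
def weak_authenticate(cookie_value)
  USERS.find { |u| u.id.to_s == cookie_value.to_s }
end

# Hardened scheme: a 256-bit random token, stored server-side only as a digest.
def issue_token(user)
  token = SecureRandom.hex(32)
  user.token_digest = digest(token)
  token # a String, suitable as the value of cookies[:authorization_token]
end

def authenticate(cookie_value)
  return nil unless cookie_value.is_a?(String) && cookie_value.match?(/\A\h{64}\z/)
  candidate = digest(cookie_value)
  USERS.find do |u|
    u.token_digest && OpenSSL.fixed_length_secure_compare(u.token_digest, candidate)
  end
end

# Server-side revocation (logout, password change): the old cookie stops working.
def revoke_token(user)
  user.token_digest = nil
end

# How many accounts answer when every small integer is tried as the cookie value?
def accounts_reachable_by_guessing(auth, range = 1..1000)
  range.map { |guess| auth.call(guess.to_s) }.compact.uniq.size
end

if __FILE__ == $PROGRAM_NAME
  USERS.each { |u| issue_token(u) }
  puts "weak:     #{accounts_reachable_by_guessing(method(:weak_authenticate))} of #{USERS.size}"
  puts "hardened: #{accounts_reachable_by_guessing(method(:authenticate))} of #{USERS.size}"
end
```

Storing only the digest means a leaked users table does not hand out usable cookies, and clearing the digest revokes a session without waiting for the ten-year expiry.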

