Hey Jim, don't be a jerk, especially when your answer is wrong.

Using <%= form_authenticity_token %> doesn't work because you don't have 
a server to dynamically insert content into html as an app is static and 
packaged on the client device (iPhone/iPad).

CSRF should not be a possible attack inside of an app. Your session is 
isolated to the app and cross domain origin policies in the browser will 
prevent the attack. Also, since you are using an app you can implement 
sessions without the use of cookies entirely.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to