On Friday, December 6, 2013 3:36:28 AM UTC, Fred Guest wrote:
>
> is this possible? i'm serving a rails app into an iframe and i'm testing
> in chrome with "block third-party cookies" selected because it's not safe
> to assume that third-party cookies won't be blocked. iframes are treated as
> third parties so i need the app to function independently of cookies. i've
> done a boatload of googling an fiddling already, and it seems that even if
> you change ".config.session_store :cookie_store" to active_record_store or
> mem_cache_store (plus the additional configuration/gems those entail), the
> persistence of session data is STILL dependent on the availability of
> cookies, which is kind of a fake out with regards to the name of that
> config.
>
Yes - a cookie is used to record which database row / memcache key to use.
The name of the store implies where the actual session data is stored.
>
> at this point i have resorted to running memcached putting this:
>
> * def write(k,v)*
> Rails.cache.write(request.remote_ip.gsub('.', '')+k,v)
> * end*
>
> * def read(k)*
> Rails.cache.read(request.remote_ip.gsub('.', '')+k)
> * end*
>
> in my application_controller and using it as i would "session[:foo] = bar"
> or "session[:foo]". it works, but i don't feel great about it due to the
> nature of IP addresses. is there a better way to accomplish this?
>
>
Is it an option for you to pass a session id in the url? Unideal too, but
perhaps less unideal than what you currently have. I think this used to be
something rails supported, but I seem to remember it getting removed, so
you might have to hack that back in.
Fred
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/93f96b61-1dd1-459c-be7f-b55dd4aaf534%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
