On 03 Oct 2009, at 14:45, Ruby on Rails wrote:

> I have solved the issue with the cookieless_sessions gem. But at the security level, is that proper?
Personally, I wouldn't use cookieless sessions unless you have a very good reason to believe a lot of your users won't have cookies enabled. Sessions should never store private data, simple.

Using the CookieStore has a couple of advantages that make it my preferred way of managing sessions:

- URLs don't carry any session-related data, so your user can't accidentally post it on a public site
- Using the ActiveRecord store will hit the database for sessions on every request, and you have to find a way to clean them up on a regular basis
- Using the MemCache store uses memory, and depending on what you deploy it on (a memory-constrained VPS), you'll have to make sacrifices: use more memory or have sessions expire really quickly
- Using the CookieStore just moves the session data to the client side and passes it on with every request

I know people coming from the PHP world, where it used to be very common to include session data in the URL or post parameters, have the tendency to want to stick to that way of handling things. However, these days disabling cookies is so uncommon (they're nothing more than a little text file and all browsers have them enabled by default) that I see no reason not to use them. We've been using them for so long, they've not caused any problems when used properly (i.e. store only a very small amount of data, such as the user id), and they take away any reason to use additional resources on the server just for the sake of session management.

But that's just how I feel, some people may disagree.

Best regards

Peter De Berdt

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
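The two security properties behind the advice above ("sessions should never store private data" and "the CookieStore just moves the session data to the client side") are worth seeing in code. The following is an added example, not code from the original thread or from Rails itself: it is a small stand-in modelled on the cookie format Rails 2.x used for its CookieStore, namely Base64(Marshal.dump(session)) followed by "--" and a hex HMAC-SHA1 over that Base64 text, keyed with the application secret. The class name `CookieSession`, the `peek` helper and the secret value are assumptions made for the example. It shows that whoever holds the cookie can read the session without any secret (so only non-sensitive data such as a user id belongs in it), that a cookie with the session contents changed no longer verifies, and that deserialisation must happen only after the signature check.

```ruby
require 'base64'
require 'openssl'

# Stand-in for a signed, client-side session cookie in the style of the
# Rails 2.x CookieStore (an assumption for this example, not Rails code):
#   <base64(Marshal.dump(session_hash))>--<hex HMAC-SHA1(secret, base64 text)>
class CookieSession
  def initialize(secret)
    @secret = secret
  end

  # Server side: serialise the session and append its MAC.
  def generate(session_hash)
    data = Base64.strict_encode64(Marshal.dump(session_hash))
    "#{data}--#{digest(data)}"
  end

  # Server side: return the session hash, or nil if the cookie was not
  # produced with our secret (forged, spliced, truncated or garbage).
  def verify(cookie)
    data, sig = cookie.to_s.split('--', 2)
    return nil if data.nil? || sig.nil?
    return nil unless secure_compare(sig, digest(data))
    # Deserialise only after the MAC check passed. Marshal.load on
    # attacker-controlled bytes can instantiate arbitrary objects, so the
    # secret is what stands between the client and this call.
    Marshal.load(Base64.strict_decode64(data))
  rescue ArgumentError
    nil
  end

  private

  def digest(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), @secret, data)
  end

  # Constant-time comparison so the MAC cannot be guessed byte by byte
  # from response timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    expected = a.unpack('C*')
    diff = 0
    b.each_byte { |byte| diff |= byte ^ expected.shift }
    diff.zero?
  end
end

# Client side: the cookie holder (the user, a proxy, anything that can read
# the browser's cookie jar) can decode the session without the secret.
# The signature only stops modification, not reading.
def peek(cookie)
  data = cookie.split('--', 2).first
  Marshal.load(Base64.strict_decode64(data))
end

# Attacker side: keep the server's signature but swap in a different session.
# The MAC covers the Base64 text, so this must fail verification.
def splice_forgery(cookie, forged_session)
  sig = cookie.split('--', 2).last
  "#{Base64.strict_encode64(Marshal.dump(forged_session))}--#{sig}"
end

if __FILE__ == $0
  store  = CookieSession.new('constructed-example-secret-' + ('x' * 40))
  cookie = store.generate('user_id' => 42)
  puts "cookie:        #{cookie}"
  puts "peek (no key): #{peek(cookie).inspect}"
  puts "verify:        #{store.verify(cookie).inspect}"
  puts "forged:        #{store.verify(splice_forgery(cookie, 'user_id' => 1)).inspect}"
end
```

The practical reading of the example: putting a user id in the cookie is fine because the id is not secret and the MAC stops the client from changing it to someone else's, whereas anything the user must not see is exposed by `peek` regardless of how strong the secret is.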

