I was talking with a friend, and he suggested I store my shopping cart data in cookies, then I wouldn't need sessions until I got to the checkout pages (where they are getting set securely). Do you have an opinion on this? It seems easier than implementing subdomains to me.
Also, thank you so much for your insight, the magic of sessions is becoming a lot clearer to me.

Frederick Cheung wrote:
> On Jun 10, 2:21 am, Skye Weir-Mathews <[email protected]> wrote:
>> The thing that is confusing me is that, I have the :secure
>> session_option set, but when I go to an insecure page the Set-Cookie
>> _session_id header is passed to me, and this appears to be replacing the
>> _session_id cookie I got when I was on the secure page.
>>
>
> When you go to an insecure page, your browser doesn't send the
> existing session cookie (because you've marked it as secure), so rails
> creates a new session (when you first use it)
>
>> Am I understanding this correctly?
>>
>> Am I correct in thinking that my only options are to:
>>
>> 1. set sessions securely
>> 2. use sessions in the insecure parts of my application
>>
>> but I definitely can't have both?
>
> If you had separate subdomains (a secure and a non secure) then things
> would just work (because the browser wouldn't try and use the same
> cookies across both domains)
>
> Fred
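The behaviour described in the quoted reply, as an added example that is not part of the original messages or Rails' own code: a simplified model of a browser cookie jar and a session-creating app, run once on a single host and once on two subdomains. The host names, the `Jar` and `App` classes and the choice to set the secure flag only for the https subdomain are assumptions made for the illustration.

```ruby
require "securerandom"

# Simplified cookie jar: cookies are keyed by host and name, and a cookie
# flagged secure is only sent back on https requests.
class Jar
  def initialize
    @cookies = {} # [host, name] => { value:, secure: }
  end

  def cookies_for(scheme, host)
    @cookies.select { |(h, _), c| h == host && (!c[:secure] || scheme == "https") }
            .map { |(_, name), c| [name, c[:value]] }.to_h
  end

  # A same-name cookie for the same host is replaced, as the thread describes.
  def store(host, name, value, secure)
    @cookies[[host, name]] = { value: value, secure: secure }
  end
end

# Hypothetical app: creates a session whenever no known _session_id arrives.
class App
  attr_reader :sessions

  def initialize
    @sessions = {} # session id => cart
  end

  def call(cookies, item)
    sid = cookies["_session_id"]
    fresh = !@sessions.key?(sid)
    sid = SecureRandom.hex(8) if fresh
    cart = (@sessions[sid] ||= [])
    cart << item if item
    [sid, fresh, cart.dup]
  end
end

# visits: [[url, item_or_nil], ...]; secure_hosts: hosts whose session cookie
# gets the secure flag. Returns the cart seen on each visit and the number of
# sessions the app ended up creating.
def run(visits, secure_hosts)
  jar, app = Jar.new, App.new
  carts = visits.map do |url, item|
    scheme, host = url.split("://")
    sid, fresh, cart = app.call(jar.cookies_for(scheme, host), item)
    jar.store(host, "_session_id", sid, secure_hosts.include?(host)) if fresh
    cart
  end
  [carts, app.sessions.size]
end
```

On one host, the item added over https is no longer in the cart after an http visit; with two subdomains each host keeps its own session cookie and cart.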

