Setting cookies in service overloader thingo
I'm implementing a simpler version of the Cookie Session Store in
Rails 2.0. If you know what that is, skip the next paragraph.
A cookie session store stores the session data inside cookies, on the
client, and signs them using a secret string, hashed together. The
user can decode the cookie easily if they know much about computers
and see what's inside, but they can't alter it because they can't
generate the needed hash to sign it, and the server will ignore all
cookie session data that isn't signed right. It's neat, you don't need
a database, no file system clutter, and I think it feels really just a
lot more natural this way.
Trouble is, I'm trying to make it work as a drop in replacement for
the camping sessions mixin so people can 'upgrade' in either direction
easily, consider this code however...
def service(*a)
if @cookies.identity
blob, secure_hash = @cookies.identity.to_s.split(':')
blob = Base64.decode64(blob)
data = Marshal.restore(blob)
data = {} unless secure_blob_hasher(blob) == secure_hash
else
blob = ''
data = {}
end
app = self.class.name.gsub(/^(\w+)::.+$/, '\1')
@state = (data[app] ||= Camping::H[])
hash_before = blob.hash
return super(*a)
ensure
if data
data[app] = @state
blob = Marshal.dump(data)
unless hash_before == blob.hash
secure_hash = secure_blob_hasher(blob)
@cookies.identity = Base64.encode64(blob).strip + ':' +
secure_hash
end
end
end
and there's quite a problem, check out that line, return super(*a),
and look at the camping source, and soon enough one realises the
reason this doesn't work at all is that the code inside the super is
the code converting @cookies in to the Set-Cookie http header, so it's
too late to set a cookie by the time the ensure block runs and tries
to save the session.
What should I do? It feels dirty to copy code out of camping.rb that
serializes the cookies, in effect making it do that job twice every
time the session data and any other cookie data changes (which
wouldn't be a big deal for my app, but still seems nasty). Anyone got
a better idea?
—
Jenna “Where's my oats” Fox___
Camping-list mailing list
Camping-list@rubyforge.org
http://rubyforge.org/mailman/listinfo/camping-list
Re: Camping-Omnibus Doesn't Work With Ruby v1.8.6
Ok noted, it should probably be fixed once camping is released on rubyforge 2008/5/10 Trevor Johns [EMAIL PROTECTED]: I've noticed that the copy of Mongrel installed by the camping-omnibus gem doesn't work with Ruby 1.8.6. Or to be more specific, cgi_multipart_eof_fix (which Mongrel is dependent upon) doesn't work: $ sudo gem install mongrel --source http://code.whytheluckystiff.net ERROR: Error installing mongrel: cgi_multipart_eof_fix requires Ruby version = 1.8.5 It looks like the copy of Mongrel mirrored on code.whytheluckystiff.net is v1.0.1. The latest public release is v1.1.4. Working around this is easy (just download the component parts individually from gems.rubyforge.org), but it might scare away some newbies who are following the directions on the wiki. Time to update the Gems hosted on code.whytheluckystiff.net? On a related note, how come camping-omnibus doesn't exist on gems.rubyforge.org? -- Trevor Johns http://tjohns.net ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
Re: Setting cookies in service overloader thingo
Nice catch, cookies support never really felt complete to me. Maybe we should put it in a different module ? Cheers, zimbatm ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
Re: Setting cookies in service overloader thingo
I haven't read through all of camping yet, I only started playing with it seriously a few days ago, so I don't know where might be a better place for it. Maybe whatever it is which calls service could do the cookies. it would be nice if there was a way to set cookies long term too, though it isn't really important and for my app, the only place I'd be using it is to duplicate the form filling out functionality for my openid login box that all modern browser's already provide. It is really refreshing for cookies to be so simple. I have very mixed feelings about making them 'complete'. If more complete cookie support were added, that would surely include the setting of expiry, this opens up another big change in that many apps set the same cookie over and over even though nothing has changed because they want the expiry to always be, for example, one week after the last page the user loaded. The framework currently doesn't make allowances for setting the same cookie over and over when no data has changed either. Maybe it's best to stick with simple cookie support. If people really need much more I don't feel it unfair for them to need to hack it in themselves or move up to rails and the likes. — Jenna ”Where's my equestrian hat?” Fox On 18/05/2008, at 2:41 AM, zimbatm wrote: Nice catch, cookies support never really felt complete to me. Maybe we should put it in a different module ? Cheers, zimbatm ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
Re: Camping-Omnibus Doesn't Work With Ruby v1.8.6
Yeah, and because ruby 1.8.6 comes with Mac OS X Leopard, that's probably scaring plenty of people (me included!) — Jenna “The Omnibus” Fox On 18/05/2008, at 2:40 AM, zimbatm wrote: Ok noted, it should probably be fixed once camping is released on rubyforge 2008/5/10 Trevor Johns [EMAIL PROTECTED]: I've noticed that the copy of Mongrel installed by the camping- omnibus gem doesn't work with Ruby 1.8.6. Or to be more specific, cgi_multipart_eof_fix (which Mongrel is dependent upon) doesn't work: $ sudo gem install mongrel --source http://code.whytheluckystiff.net ERROR: Error installing mongrel: cgi_multipart_eof_fix requires Ruby version = 1.8.5 It looks like the copy of Mongrel mirrored on code.whytheluckystiff.net is v1.0.1. The latest public release is v1.1.4. Working around this is easy (just download the component parts individually from gems.rubyforge.org), but it might scare away some newbies who are following the directions on the wiki. Time to update the Gems hosted on code.whytheluckystiff.net? On a related note, how come camping-omnibus doesn't exist on gems.rubyforge.org? -- Trevor Johns http://tjohns.net ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
