Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
gnur
on Oct 14, 2013
|
parent
|
context
|
favorite
| on:
Rails' CookieStore isn't broken
The CookieStore isn't broken but you do need to add code to fix the issue? I have no experience with Rails but I really hadn't expected that sessions would be client-side only.
thibaut_barrere
on Oct 14, 2013
|
next
[–]
FWIW, the fact that the default session store is client-side only is mentioned in the overview for beginners:
http://guides.rubyonrails.org/action_controller_overview.htm...
InAnEmergency
on Oct 14, 2013
|
parent
|
next
[–]
It's also mentioned in the security guide:
http://guides.rubyonrails.org/security.html#session-storage
_busb
on Oct 14, 2013
|
prev
[–]
Storing IDs in session cookies is not something the Rails framework introduced. Smh. It's easier to blame someone else's code though.
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
