Camping and sessions proposal.
Jonas Pfenniger
zimbatm at oree.ch
Tue Oct 9 18:09:25 EDT 2007
Hi Campers,
from the discussions gathered around, the current Camping sessions
don't seem to be satisfying. ActiveRecord doesn't seem to handle
hashid as an identifier, plus it doesn't seem to be fully consistent
across the various RDBMS. On the other hand, the scope of the project
does not permit implementing all kinds of client persistence. Secure
sessions with cross-process persistence are not that easy. You probably
would like to link the session ids with the client's IP or other
kind of magic to make sure that XSS attacks are not possible.
So here is what I propose: Camping will only provide an in-process
session store with no real security built-in. See it as a hack-ready
example that will allow you to make your internal apps work quickly
(aka no DB dependency). And for the more demanding, I hope that a
parallel project can be started that provides more serious session
(and other extensions?) handling.
Ah, and I have attached a working example of what it would look like
for peer-review.
--
Cheers,
zimbatm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: session.rb
Type: application/octet-stream
Size: 2907 bytes
Desc: not available
Url : http://rubyforge.org/pipermail/camping-list/attachments/20071010/a30e2093/attachment-0001.obj
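
An added example, not part of the original message and not the scrubbed session.rb: a minimal in-process session store of the kind the proposal describes, with the session id bound to the client's IP as the message suggests. The class name, the TTL, the injectable clock and the sample addresses are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical in-process session store (constructed for illustration; this is
# not the attached session.rb). Sessions live in a Hash inside the Ruby
# process, so they vanish on restart and are not shared between processes.
class MemorySessionStore
  def initialize(ttl: 1800, clock: -> { Time.now.to_f })
    @ttl, @clock = ttl, clock
    @sessions = {}          # sid => { ip:, seen:, data: }
    @lock = Mutex.new       # the app may be served by a threaded server
  end

  # Create a session bound to the client's IP; returns the cookie value.
  def create(ip)
    sid = SecureRandom.hex(32)   # 256 bits from the OS CSPRNG
    @lock.synchronize { @sessions[sid] = { ip: ip, seen: @clock.call, data: {} } }
    sid
  end

  # Return the session's data Hash, or nil if the id is unknown, expired,
  # or presented from a different IP than the one it was issued to.
  def fetch(sid, ip)
    @lock.synchronize do
      entry = @sessions[sid.to_s]
      return nil unless entry
      if @clock.call - entry[:seen] > @ttl || entry[:ip] != ip
        @sessions.delete(sid.to_s)   # expire, or revoke a possibly stolen id
        return nil
      end
      entry[:seen] = @clock.call     # sliding expiry on each valid use
      entry[:data]
    end
  end

  # Number of live entries, useful for checking that revocation happened.
  def size
    @lock.synchronize { @sessions.size }
  end
end
```

With the IP check, a client whose address changes mid-session is logged out, and clients sharing one NAT address are not told apart by it.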