Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
gnur
on Oct 14, 2013
|
parent
|
context
|
favorite
| on:
Rails' CookieStore isn't broken
The CookieStore isn't broken but you do need to add code to fix the issue? I have no experience with Rails but I really hadn't expected that sessions would be client-side only.
thibaut_barrere
on Oct 14, 2013
|
next
[–]
FWIW, the fact that the default session store is client-side only is mentioned in the overview for beginners:
http://guides.rubyonrails.org/action_controller_overview.htm...
InAnEmergency
on Oct 14, 2013
|
parent
|
next
[–]
It's also mentioned in the security guide:
http://guides.rubyonrails.org/security.html#session-storage
_busb
on Oct 14, 2013
|
prev
[–]
Storing IDs in session cookies is not something the Rails framework introduced. Smh. It's easier to blame someone else's code though.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
