| View previous topic :: View next topic |
| Author |
Message |
mbchowdari
Joined: 08 May 2008
Posts: 52
|
 Posted: Wed Jul 01, 2009 3:31 am Post subject: How to modify session cookie name on HTTP authorization ? |
 |
|
Hi,
I'm trying to make a secure RSS feed for my site, and I want to separate it from the rest of the application, but whenever I use "authenticate_or_request_with_http_basic" it replaces the cookie used to store session information for the rest of the site.
So when I login, using HTTP Basic Authentication, it replaces the cookie used to store session information for the rest of the site, and I become logged out on it.
I'd like to change the name of the cookie used with authenticate_or_request_with_http_basic.
Any idea on how to go about it?
Thank you,
Chowdari. |
|
| Back to top |
|
 |
s.nagesh
Joined: 23 Jul 2007
Posts: 131
|
| Posted: Wed Jul 01, 2009 3:34 am Post subject: |
|
|
Hi chowdari,
I'm able to modify the cookie name for the RSS controller by using session
:session_key => "cookiename"
But as soon as I login using HTTP basic authentication it some how messes with the session on the rest of the site, which uses a cookie with another name to authenticate.
It doesn't matter what I set the cookie names to, as long as I am logged in with HTTP basic authentication the session for the rest of the site isn't handled correctly.
Here's my code:
class RssController < ActionController::Base
before_filter :verify_access
session :session_key => "_rss_session_id_"
def rss
@audits = Audit.find(
:all,
:limit => 20,
:order => 'audits.created_at asc',
:joins => 'JOIN memberships ON memberships.group_id = audits.group_id',
:conditions => "memberships.user_id = #{@current_user_rss.id} AND memberships.status = 1")
puts @audits.inspect()
respond_to do |format|
format.rss
end
end
def verify_access
ic = Iconv.new('UTF-8', 'latin1')
authenticate_or_request_with_http_basic("Private RSS-feed") do |username, password|
username = ic.iconv(username)
password = ic.iconv(password)
@current_user_rss = User.authenticate(username, password)
if @current_user_rss
true
else
false
end
end
end
end
let me konw if you have any problem..
Regards,
nagesh. |
|
| Back to top |
|
|
|
|
