merb

Comments and changes to this ticket

• 

  Michael Klishin (antares) August 26th, 2008 @ 01:51 AM

  • → Milestone changed from “” to “0.9.6”
  • → State changed from “new” to “open”
• 

  Michael Klishin (antares) September 4th, 2008 @ 04:44 PM

  • → Assigned user changed from “” to “Fabien Franzen (loob2)”
• 

  Fabien Franzen (loob2) September 4th, 2008 @ 05:57 PM

  @Corey: could you be more specific about: - session_id_key vs. session_secret_key - which Exception gets raised - the 'exception method' - what's displayed?

  The new-sessions branch on merb-core features a complete refactored sessions implementation, including request.cookies. If you have a chance, try the new branch. New-sessions is targetted at 0.9.6 release.

• 

  Michael Klishin (antares) September 9th, 2008 @ 02:19 AM

  • → Milestone changed from “0.9.6” to “0.9.7”
• 

  Michael Klishin (antares) September 10th, 2008 @ 04:49 AM

  @Corey,

  Any updates on this, does this happen on HEAD with new sessions merged in recently?

• 

  Michael Klishin (antares) September 14th, 2008 @ 02:00 AM

  • → Milestone changed from “0.9.7” to “0.9.8”
• 

  Fabien Franzen (loob2) September 19th, 2008 @ 07:15 PM

  • → Tag changed from “cookie exception merb-core session” to “cookie exception merb-core session”
  • → State changed from “open” to “resolved”

  The new sessions (from 0.9.6 onwards) don't have any issues related to :session_id_key and :session_secret_key (using cookie-based sessions):

  Changing :session_id_key will prevent the cookie from being found at all.

  Changing :session_secret_key: will raise TamperedWithCookie, which is caught by the Exceptions controller.