问题描述
我有一个有效的Rails网站,使用来管理用户。对于会话管理,我使用devise的策略,并从用户的Cookie中检索加密的验证信息。
I have a working Rails site that uses devise to manage users. For session management, I am using devise's rememberable strategy, which stores and retrieves encrypted authentication information from a user's cookie.
我实施了使用Flash的多照片上传窗口小部件。 Flash不支持与请求一起发送Cookie。这是一个多重多上传flash + javascript库的问题,所以修复这个缺点可能不可行。
I'm implementing a multi-photo upload widget that uses flash. Flash does not support sending cookies along with requests. This is a problem with multiple multi-upload flash+javascript libraries, so fixing this shortcoming is probably not feasible.
所以我的问题是:我可以成功验证设计/记住不使用Cookie ?
So my question is: can I successfully authenticate to devise/rememberable without using cookies? And if so, how?
设计/记忆取决于 remember_token
。如果我可以愚弄Rails认为该值是作为一个cookie提供的(例如 request.cookies ['remember_token'] ='...'
),我的问题是解决了。 Devise / rememberable会在那里找到正确的值,解压缩它,并成功进行身份验证。然而, request.cookies
hash显然是只读的。写入哈希将被忽略。示例(来自传入POST请求的调试控制台):
Devise/rememberable depends on the value of remember_token
within the cookie. If I could fool Rails into thinking that the value was supplied as a cookie (e.g. request.cookies['remember_token'] = '...'
), my problem would be solved. Devise/rememberable would find the correct value there, unpack it, and successfully authenticate. However, the request.cookies
hash is apparently read-only. Writing to the hash is silently ignored. Example (debug console from an incoming POST request):
>> request.cookies['remember_token'] = 'a string'
=> "a string"
>> request.cookies['remember_token']
=> nil
>> request.cookies
=> {}
我正在使用(或尝试使用) widget。
I'm using (or trying to use) the FancyUpload v3 widget.
推荐答案
基于Devise 1.2.rc这样应该可以工作:
Based on Devise 1.2.rc something like this should work:
module Devise
module Strategies
class Rememberable
def remember_cookie
# your code to get the hashed value from the request
end
end
end
end
或者,您可以添加一个新的策略:
Alternatively, you could add a new (subclassed) strategy:
module Devise
module Strategies
class RememberableParameter < Rememberable
def remember_cookie
# your code to get the hashed value from the request
end
end
end
end
Warden::Strategies.add(:rememberable_parameter, Devise::Strategies::Rememberable)
或者,查看Token Authenticatable:
Or, look into Token Authenticatable:
祝你好运!
这篇关于使用设计“记忆”没有cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!