本文介绍了使用设计“记忆”没有cookie的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个有效的Rails网站,使用来管理用户。对于会话管理,我使用devise的策略,并从用户的Cookie中检索加密的验证信息。

I have a working Rails site that uses devise to manage users. For session management, I am using devise's rememberable strategy, which stores and retrieves encrypted authentication information from a user's cookie.

我实施了使用Flash的多照片上传窗口小部件。 Flash不支持与请求一起发送Cookie。这是一个多重多上传flash + javascript库的问题,所以修复这个缺点可能不可行。

I'm implementing a multi-photo upload widget that uses flash. Flash does not support sending cookies along with requests. This is a problem with multiple multi-upload flash+javascript libraries, so fixing this shortcoming is probably not feasible.

所以我的问题是:我可以成功验证设计/记住不使用Cookie

So my question is: can I successfully authenticate to devise/rememberable without using cookies? And if so, how?

设计/记忆取决于 remember_token 。如果我可以愚弄Rails认为该值是作为一个cookie提供的(例如 request.cookies ['remember_token'] ='...'),我的问题是解决了。 Devise / rememberable会在那里找到正确的值,解压缩它,并成功进行身份验证。然而, request.cookies hash显然是只读的。写入哈希将被忽略。示例(来自传入POST请求的调试控制台):

Devise/rememberable depends on the value of remember_token within the cookie. If I could fool Rails into thinking that the value was supplied as a cookie (e.g. request.cookies['remember_token'] = '...'), my problem would be solved. Devise/rememberable would find the correct value there, unpack it, and successfully authenticate. However, the request.cookies hash is apparently read-only. Writing to the hash is silently ignored. Example (debug console from an incoming POST request):

>> request.cookies['remember_token'] = 'a string'
=> "a string"
>> request.cookies['remember_token']
=> nil
>> request.cookies
=> {}

我正在使用(或尝试使用) widget。

I'm using (or trying to use) the FancyUpload v3 widget.

推荐答案

基于Devise 1.2.rc这样应该可以工作:

Based on Devise 1.2.rc something like this should work:

module Devise
  module Strategies
    class Rememberable
      def remember_cookie
        # your code to get the hashed value from the request
      end
    end
  end
end

或者,您可以添加一个新的策略:

Alternatively, you could add a new (subclassed) strategy:

module Devise
  module Strategies
    class RememberableParameter < Rememberable
      def remember_cookie
        # your code to get the hashed value from the request
      end
    end
  end
end
Warden::Strategies.add(:rememberable_parameter, Devise::Strategies::Rememberable)



或者,查看Token Authenticatable:

Or, look into Token Authenticatable:

祝你好运!

这篇关于使用设计“记忆”没有cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-27 23:46