before_destroy and sessions

Dean · November 17, 2006, 5:26am

Justin Skolnick wrote:

(Semi-newbie.) I want to ensure a user's able to destroy only his own objects. I've set session info at login:

session[:user_id] = user.id

Is the session cookie secure? How easy is it to forge a sessionn with someone else's user.id?

--Dean

Topic		Replies	Views
before_destroy and sessions rubyonrails-talk	1	139	November 18, 2006
How to destroy objects associated with cookie-based sessions? rubyonrails-talk	0	107	December 11, 2007
how to destroy a session in the proper way. rubyonrails-talk	0	144	December 7, 2007
before_destroy and sessions rubyonrails-talk	0	86	November 17, 2006
Session not getting destroyed on Logout rubyonrails-talk	4	164	December 11, 2008