is it true that Rails depend on cookies? It seems that flash is a part of session, and session uses cookies... so when i disable cookie in Firefox, what was working became
ActionController::InvalidAuthenticityToken
so is it true that for a RoR app to work, cookies are mandatory?
Because HTTP is stateless, information that is stored while navigating from page to page, even if it's just from one page to another, has to be stored somewhere. One solution to this is to use a session database, but even then, the session id is usually stored in a cookie. For things like the flash in a RoR rails app, cookies are the better solution as the flash just relay's messages related to the state of the application.
I believe there is going to be in-browser storage as part of the W3C HTML 5 standard but until then we are stuck with cookies
Roderick van Domburg wrote:
So theoretically: no, Rails apps don't require cookies. But what are the practical reasons to be concerned about them?
because i was trying a Rails app (from the book Simply Rails 2.0)... and at the "Flash" part, (not Adobe Flash), it talks about next action passing of info... and without saying how it works. Another book (Rails Recipe) says that it is part of the Session object, and it uses cookies to do it.
So I instantly disabled cookie on Firefox using Web Developer add-on, and then, my Rails site that was working before now gave an error... and didn't work...
that's the concern... turning off cookie broke my Rails app.
Robert Walker wrote:
that's the concern... turning off cookie broke my Rails app.
Generally speaking, yes it will. Just like it will break almost any web application Rails or otherwise.
or to put it this way, if to make the Rails app work even when user turns off cookie, is there a simple and quick way?
is it simpler if there is only one server (Apache running Passenger (mod_rails))?
Robert Walker wrote:
SpringFlowers AutumnMoon wrote:
is it true that Rails depend on cookies? It seems that flash is a part of session, and session uses cookies... so when i disable cookie in Firefox, what was working became
ActionController::InvalidAuthenticityToken
so is it true that for a RoR app to work, cookies are mandatory?
FYI: Cookies are required for practically every web based application on the internet. This is not at all unique to Rails. There are only a limited number of ways to maintain session state. 1. Using cookies (my guess is > 80% of sites use this method), 2. Putting a session id in the URL (ugly, but works). 3. Hidden fields in forms to pass state from one request to another (very ugly, but requires no client-side storage of state). 4. HTML 5 local session storage (not practical since it'll take Microsoft years to support HTML 5. They can barely do HTML 4).
I believe option 4 is the way forward since it provides all the benefits of cookies, and practically none of their shortcomings. Just don't expect that to be practical anytime soon. Note: Safari 4 public beta has complete support for HTML 5 local storage (maybe others too). Let's just hope the others eventually catch up.
I assume that users will have the option to disable HTML 5 browser-local storage. I also assume that people who turn off cookies will most likely disable local storage. In that event, I'm not sure how this solves the problem, and we're at square one again.
Just a thought.
Cheers, Darrik
