cookies are mandatory for Rails app?

is it true that Rails depend on cookies? It seems that flash is a part
of session, and session uses cookies... so when i disable cookie in
Firefox, what was working became

ActionController::InvalidAuthenticityToken

so is it true that for a RoR app to work, cookies are mandatory?

Because HTTP is stateless, information that is stored while navigating
from page to page, even if it's just from one page to another, has to
be stored somewhere. One solution to this is to use a session
database, but even then, the session id is usually stored in a
cookie. For things like the flash in a RoR rails app, cookies are the
better solution as the flash just relay's messages related to the
state of the application.

I believe there is going to be in-browser storage as part of the W3C
HTML 5 standard but until then we are stuck with cookies

Roderick van Domburg wrote:

So theoretically: no, Rails apps don't require cookies. But what are the
practical reasons to be concerned about them?

because i was trying a Rails app (from the book Simply Rails 2.0)... and
at the "Flash" part, (not Adobe Flash), it talks about next action
passing of info... and without saying how it works. Another book (Rails
Recipe) says that it is part of the Session object, and it uses cookies
to do it.

So I instantly disabled cookie on Firefox using Web Developer add-on,
and then, my Rails site that was working before now gave an error... and
didn't work...

that's the concern... turning off cookie broke my Rails app.

Robert Walker wrote:

that's the concern... turning off cookie broke my Rails app.

Generally speaking, yes it will. Just like it will break almost any web
application Rails or otherwise. :slight_smile:

or to put it this way, if to make the Rails app work even when user
turns off cookie, is there a simple and quick way?

is it simpler if there is only one server (Apache running Passenger
(mod_rails))?

Robert Walker wrote:

SpringFlowers AutumnMoon wrote:

is it true that Rails depend on cookies? It seems that flash is a part
of session, and session uses cookies... so when i disable cookie in
Firefox, what was working became

ActionController::InvalidAuthenticityToken

so is it true that for a RoR app to work, cookies are mandatory?

FYI: Cookies are required for practically every web based application on the internet. This is not at all unique to Rails. There are only a limited number of ways to maintain session state. 1. Using cookies (my guess is > 80% of sites use this method), 2. Putting a session id in the URL (ugly, but works). 3. Hidden fields in forms to pass state from one request to another (very ugly, but requires no client-side storage of state). 4. HTML 5 local session storage (not practical since it'll take Microsoft years to support HTML 5. They can barely do HTML 4).

I believe option 4 is the way forward since it provides all the benefits of cookies, and practically none of their shortcomings. Just don't expect that to be practical anytime soon. Note: Safari 4 public beta has complete support for HTML 5 local storage (maybe others too). Let's just hope the others eventually catch up.

I assume that users will have the option to disable HTML 5 browser-local storage. I also assume that people who turn off cookies will most likely disable local storage. In that event, I'm not sure how this solves the problem, and we're at square one again.

Just a thought.

Cheers,
Darrik