How do I send session id other than from cookie.

My requirement is to make a controller method to be able to accept
session id from cookie, if it is disabled/not available then from
request body.

This way I will return a session id from login request and use the same
session_id for any subsequent request body, if it's not a browser
request.

Will this work?

Session is like an hash to store data with an application request.

It should work if you store a session while login like session[:user]=“Myname_123”
it will renmain in the application until or unless you make it nil
session[:user]=nil

it is versy simple in consept

now session id it is identification of an particular session

and browser you know I use session in android emulator

now your turn

Rajarshi wrote in post #1090682:

Session is like an hash to store data with an application request.

It should work if you store a session while login like
session[:user]="Myname_123"
it will renmain in the application until or unless you make it nil
session[:user]=nil

it is versy simple in consept

now session id it is identification of an particular session

and browser you know I use session in android emulator

now your turn

Thanks Rajarshi for your reply!
But that's not my question is - let me put in other way:
If I am using sessionstore, the _session_id has to be passed through
browser cookie. Now, If I disable cookie in the browser the entire
system doesn't work. So, what is the other alternative I can pass the
session id through? if cookie is disabled.
Tried passing as request parameter, but that doesn't work. Any
suggestion plese?

you can use many option

  1. memcache to store session in server
    2.Activerecord to store session id in database so no need of your browser

many others

Rajarshi wrote in post #1090684:

you can use many option
1. memcache to store session in server
2.Activerecord to store session id in database so no need of your
browser

many others

I am using Activerecord only to store the session, but in some way
client has to send that session ID to server to retrieve the logged-in
session data, otherwise each time server will create a new session ID.
Right?

Try passing it in the URL. Read more about URL rewriting in case of disabled cookies.

It has some disadvantages. http://www.javapractices.com/topic/TopicAction.do?Id=226

You cannot use sessions without cookies enabled.

That said, you might remember what PHP does with the PHPSESSIONID parameter appended to all URLs rendered in the page. You might want to do something similar.

Shiv Narayan Gautam wrote in post #1090687:

Try passing it in the URL. Read more about URL rewriting in case of
disabled cookies.

It has some disadvantages.
http://www.javapractices.com/topic/TopicAction.do?Id=226

--
Shiv

Can this be done in Ruby on Rails? I am aware that it works for JSP and
PHP.

It’s not secure, session spoofing is a serious issue. I would encourage not going that route.

It can be done in rails, needs a bit of work but sure. Ideally, you’ll alias_method_chain url_for and read the session in a parent controller, like ApplicationController and initialize your current user and any other session information from that.

Dheeraj Kumar wrote in post #1090690:

It's not secure, session spoofing is a serious issue. I would encourage
not going that route.

It can be done in rails, needs a bit of work but sure. Ideally, you'll
alias_method_chain url_for and read the session in a parent controller,
like ApplicationController and initialize your current user and any
other session information from that.

--
Dheeraj Kumar

Please suggest which route to follow, in order to make application work
even though cookies are disabled in the browser.

Thanks in advance for any help in this line.

you can send encrypted session id for that

your url should be like /users?session_id='dasdadasdas2313124213213_session_application" with encrypted session id

now after getting request you have to decrypt the session

use base64 for it

I just said what you need. chain the url_for method to add session id to the parameters, and read the session id in your application controller, look it up in your session store, active record or memcache, then load whatever information you want from the database.

Dheeraj Kumar wrote in post #1090693:

I just said what you need. chain the url_for method to add session id to
the parameters, and read the session id in your application controller,
look it up in your session store, active record or memcache, then load
whatever information you want from the database.

--
Dheeraj Kumar

Thanks Dheeraj. Truly appreciate if you can point me to some code
examples for this.

Thanks

url_for(:controller => “name of the controller”, :action => “name pf the aciont”, :session => params[:value])

or

users_url(:session => params[:value])
it will create a dybnamic url like /users?session=“sdsadsadasdas213213213”

and in params[:value] you have to encrypt the session id what you get from database
or encode64(params[:value])

now while it i s hitting it will send the request in that reuqest you have to parse it by decode64() and match the session id

Instead of adding a session parameter to every url_for call, alias method chain it. any url helper calls url_for anyway, so you’re good.

Make sure the encryption is good with the session id, and don’t use weak ones like base64, they make session spoofing so much easier.

yes I know

Dheeraj Kumar wrote in post #1090702:

Instead of adding a session parameter to every url_for call, alias
method chain it. any url helper calls url_for anyway, so you're good.

Make sure the encryption is good with the session id, and don't use weak
ones like base64, they make session spoofing so much easier.

--
Dheeraj Kumar

Are you referring this way:
http://brantinteractive.com/2008/05/13/cookieless-sessions-in-rails/

When I try below code in my application controller, it gives an error
saying - undefined method `session_id' for
#<ActionDispatch::Session::AbstractStore::SessionHash:0x13423c80>

def default_url_options(options)
  # set a cookie if it's nil
  cookies[:_session_id] ||= { :value => 'true', :expires =>
10.seconds.from_now }
    { :_session_id => (request.xhr? ? params[:_session_id] :
session.session_id) } unless cookies[:_session_id]
end

Am I missing something here?

Btw, I am using rails 3.0.5.

replace session.session_id it with session[:session_id]

I don’t think it’s a hash with indifferent access.

Dheeraj Kumar wrote in post #1090761:

replace session.session_id it with session[:session_id]

I don't think it's a hash with indifferent access.

--
Dheeraj Kumar

No, it doesn't work, it creates a new session id even if I pass a logged
in session ID though URL.
Console log says;
::: Checking session expiry
::: Initializing session expiry. Expires at 2013-01-02 01:30:41 +0530
Redirected to http://localhost:3000/