使用设计“记忆”没有cookie [英] Using devise "rememberable" without cookies

问题描述

我有一个有效的Rails网站，使用设计来管理用户。对于会话管理，我使用devise的可记住策略，并从用户的Cookie中检索加密的验证信息。

I have a working Rails site that uses devise to manage users. For session management, I am using devise's rememberable strategy, which stores and retrieves encrypted authentication information from a user's cookie.

我实施了使用Flash的多照片上传窗口小部件。 Flash不支持与请求一起发送Cookie。这是一个多重多上传flash + javascript库的问题，所以修复这个缺点可能不可行。

I'm implementing a multi-photo upload widget that uses flash. Flash does not support sending cookies along with requests. This is a problem with multiple multi-upload flash+javascript libraries, so fixing this shortcoming is probably not feasible.

所以我的问题是：我可以成功验证设计/记住不使用Cookie ？

So my question is: can I successfully authenticate to devise/rememberable without using cookies? And if so, how?

设计/记忆取决于 remember_token 。如果我可以愚弄Rails认为该值是作为一个cookie提供的（例如 request.cookies ['remember_token'] ='...'），我的问题是解决了。 Devise / rememberable会在那里找到正确的值，解压缩它，并成功进行身份验证。然而， request.cookies hash显然是只读的。写入哈希将被忽略。示例（来自传入POST请求的调试控制台）：

Devise/rememberable depends on the value of remember_token within the cookie. If I could fool Rails into thinking that the value was supplied as a cookie (e.g. request.cookies['remember_token'] = '...'), my problem would be solved. Devise/rememberable would find the correct value there, unpack it, and successfully authenticate. However, the request.cookies hash is apparently read-only. Writing to the hash is silently ignored. Example (debug console from an incoming POST request):

>> request.cookies['remember_token'] = 'a string'
=> "a string"
>> request.cookies['remember_token']
=> nil
>> request.cookies
=> {}

我正在使用（或尝试使用） FancyUpload v3 widget。

I'm using (or trying to use) the FancyUpload v3 widget.

推荐答案

基于Devise 1.2.rc这样应该可以工作：

Based on Devise 1.2.rc something like this should work:

module Devise
  module Strategies
    class Rememberable
      def remember_cookie
        # your code to get the hashed value from the request
      end
    end
  end
end

或者，您可以添加一个新的策略：

Alternatively, you could add a new (subclassed) strategy:

module Devise
  module Strategies
    class RememberableParameter < Rememberable
      def remember_cookie
        # your code to get the hashed value from the request
      end
    end
  end
end
Warden::Strategies.add(:rememberable_parameter, Devise::Strategies::Rememberable)

或者，查看Token Authenticatable：

Or, look into Token Authenticatable:

Token Authenticatable：根据验证令牌（也称为
单一存取凭证）登入使用者。可以通过查询字符串或
给出令牌。
HTTP基本身份验证

Token Authenticatable: signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication

https://github.com/plataformatec/devise/blob /master/lib/devise/models/token_authenticatable.rb

祝你好运！

这篇关于使用设计“记忆”没有cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！