Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Why SessionID in ruby-on-rails web application is changing?


  • Please log in to reply

#1
ramesrocks

ramesrocks

    New Member

  • Member
  • Pip
  • 2 posts

I am having a doubt that why my SessionID is changing for each web page after login in ruby-on-rails web application. Generally SessionID will be constant for a user through out the session till the user logoff. But in my case its changing. I am using a ruby webapplication - assancart, I used a python code for getting the cookie data from the cookiejar.

The data in cookie I got it after login is:

BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJTEzZjQ3MWVlYzFjYzEwMWM2MzRlNGYxYWUyYWFkMDVhBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUNHNmQ0c3V3bGFKVXZnTE11cllEdEViQW1kTUh2QW8yYmxQV2ZIRTlxeGc9BjsARg%3D%3D--e7a7067f9124f0e9524ad580acd3461240df9a95

When I decode it, I got

{"session_id"=>"13f471eec1cc101c634e4f1ae2aad05a",
"_csrf_token"=>"CG6d4suwlaJUvgLMurYDtEbAmdMHvAo2blPWfHE9qxg="}

When I click a link in that page (after login) and again tried to read cookie, then I got cookie data as:

BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJWE1YzJhY2QyM2I1ZWJiZTZkNGJhODI2MTE5MDRhYjg2BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMWVJdjZkWnE4QnJVeXFQV2JiUnZ4b1VqOWQwL2IzLzI1QThhRDJaRmo1MjQ9BjsARg%3D%3D--ffdc5c4a36a476d0b2f5ccf7917ca74a6687a42f

When I decode the above result, I got:

{"session_id"=>"a5c2acd23b5ebbe6d4ba82611904ab86",
"_csrf_token"=>"eIv6dZq8BrUyqPWbbRvxoUj9d0/b3/25A8aD2ZFj524="}

When I compare both the SessionID it differs, but SessionID must be same for throughout the login. Why it is happening to me like that.

Other thing I want to know is cookies will have session values also, but I am not getting that session values such as session role, etc etc, when I am reading cookie.

Can any one give me a answer for this?


  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP