The latest news in the Ruby and Rails community.


Episode #413

October 22nd, 2013

This week: new Rails releases, upgrading to Rails 4 open-sourced, migrant attributes, a look at the evolution of the distributed Travis architecture, and how GitHub models...

Stories

Modeling Your App’s User Session

In a brief blog post, Josh Peek from GitHub discusses a recent decision to persist user sessions in the database instead of storing them entirely in cookies. Josh notes that stateless session stores are vulnerable to replay attacks, which let an attacker holding a copy of a valid cookie impersonate that user, and that a session kept only in a cookie cannot be revoked by the server, which can be a serious issue. GitHub created its own UserSession model, which let them customize session behavior easily, for instance with a sudo mode that requires the user's password to be re-entered at least once every hour when accessing sensitive settings. They still set a user_session cookie, but it only references a unique ID generated by the UserSession model; anything else kept in cookies is non-sensitive data like flashes and form state.
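The design described above, as an added example in plain Ruby that is not code from GitHub or from Josh's post: a signed stateless cookie next to an in-memory stand-in for a database-backed UserSession table. It shows that a captured stateless cookie still verifies after the user logs out (there is no server-side record to revoke) while the database-backed session can be revoked and carries the one-hour sudo window. The class and method names, the HMAC secret and the timestamps are constructed for this example.

```ruby
require "securerandom"
require "openssl"
# Added example, not GitHub's code: a signed stateless session cookie beside a
# database-backed UserSession. Names, the secret and the timestamps are
# constructed for the example; a Hash stands in for the user_sessions table.

module StatelessCookie
  SECRET = "example-secret-not-for-production".freeze

  # The user's identity is the cookie payload, authenticated with an HMAC.
  def self.sign(user_id)
    payload = "user_id=#{user_id}"
    "#{payload}--#{OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)}"
  end

  # Returns the user_id when the MAC verifies, nil otherwise. The server keeps
  # no record of issued cookies, so a captured copy keeps verifying after
  # logout or a password change: that is the replay problem.
  def self.verify(cookie)
    payload, mac = cookie.to_s.split("--", 2)
    return nil if payload.nil? || mac.nil?
    expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
    return nil unless secure_equal?(mac, expected)
    m = payload.match(/\Auser_id=(\d+)\z/)
    m && m[1].to_i
  end

  # Constant-time comparison so the MAC check does not leak via timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# One row per login; the user_session cookie carries only the random key.
class UserSession
  SUDO_TIMEOUT = 60 * 60 # password must be re-entered at least once an hour

  attr_reader :key, :user_id

  def initialize(user_id)
    @key = SecureRandom.hex(32)
    @user_id = user_id
    @revoked_at = nil
    @sudo_enabled_at = nil
  end

  def revoked?; !@revoked_at.nil?; end
  def revoke!(now:); @revoked_at ||= now; end

  # Called after the user re-enters their password on a sensitive settings page.
  def enable_sudo!(now:); @sudo_enabled_at = now; end

  def sudo_mode?(now:)
    !@sudo_enabled_at.nil? && (now - @sudo_enabled_at) < SUDO_TIMEOUT
  end
end

class SessionStore
  def initialize; @rows = {}; end # stand-in for the user_sessions table

  def create(user_id)
    session = UserSession.new(user_id)
    @rows[session.key] = session
    session
  end

  # Resolve the key from the user_session cookie. Unknown or revoked keys give
  # nil, which is exactly the check a cookie-only session cannot make.
  def find_active(key)
    session = @rows[key]
    session if session && !session.revoked?
  end

  def revoke_all_for(user_id, now:)
    @rows.each_value { |s| s.revoke!(now: now) if s.user_id == user_id }
  end
end

# Walk both designs through a captured cookie and a logout; returns the
# observations so they can be checked.
def session_demo
  t0 = Time.at(1_382_400_000) # constructed fixed timestamp
  captured = StatelessCookie.sign(42)
  store = SessionStore.new
  session = store.create(42)
  before = store.find_active(session.key)&.user_id
  store.revoke_all_for(42, now: t0 + 60) # "log out everywhere"
  session.enable_sudo!(now: t0)
  {
    # stateless: no server-side logout exists, so the copy still resolves to 42;
    # signing still protects integrity, so a forged payload is rejected
    stateless_replay: StatelessCookie.verify(captured),
    stateless_forged: StatelessCookie.verify("user_id=1--" + captured.split("--", 2).last),
    db_before_revoke: before,
    db_after_revoke: store.find_active(session.key),
    sudo_after_30min: session.sudo_mode?(now: t0 + 30 * 60),
    sudo_after_61min: session.sudo_mode?(now: t0 + 61 * 60),
  }
end
```

Calling `session_demo` returns a Hash: the stateless cookie still verifies to user 42 after the "logout", the database-backed lookup returns nil once the row is revoked, and sudo mode is true at 30 minutes and false at 61. A real deployment would back SessionStore with a table and expire rows, but the revocation check itself is the part a cookie-only store cannot provide.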


Previous Episodes

Episode #412

RubiniusX, details on a rewrite of ActiveModel::Serializers, using Docker to parallelize your tests, cleaning up your use of Rails.env, and several other fun tidbits on this episode of Ruby5.

Episode #411

Ruby refactorings, generate PDFs with Shrimp, speed up your Travis, infographic on the Ruby Stack and secure your Cookies.

Episode #410

Today only! Some feature testing tips, a tour through all things random with Ruby, Capistrano and Wicked get some updates, reactive_record, and your fairy godmother Ruby pays a visit to tell you all about Heroku support for Websockets.

Episode #409

One day, two rubies with Rubinius 2.0 and JRuby 1.7.5. MRI 2.1 vs Rubinius 2.0 benchmark, Virtus 1.0, Capistrano woes, and help Ruby on Sails.


This podcast is produced and distributed by Code School. Copyright © 2015 Code School LLC