Can insecure authentication work with disabled cookies?

If the user has cookies disabled in their browser, is it still possible to restore calm authentication and role?

On our site with cookies disabled, the system will not allow you to enter. Any way to fix this?

Thanks in advance.

+2




2 answers


You should be able to force users to log in via HTTP Auth. Use request_http_basic_authentication to make the browser auth request. This will be remembered by the browser.

Or is it better to override login_from_basic_auth in authenticated_system.rb:



def login_from_basic_auth
  authenticate_or_request_with_http_basic do |login, password|
    self.current_user = User.authenticate(login, password)
  end
end

      

This will most likely force all users to view the HTTP authentication page. You should probably only do this for users who are known to lack cookie support.

+1
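One way to limit the HTTP Basic fallback to browsers that really drop cookies, as an added example that is not part of the original answer or of authenticated_system.rb. It is plain Ruby over a Rack-style env hash; the cookie names `_app_session` and `cookie_probe`, the realm, and the helpers `route` and `VERIFY` (a stand-in for `User.authenticate`) are assumptions.

```ruby
require 'digest'

SESSION_COOKIE = '_app_session'  # assumed session cookie name
PROBE = 'cookie_probe'           # assumed probe cookie / query marker (not a secret)
CHALLENGE = { 'WWW-Authenticate' => 'Basic realm="Application"' }.freeze

# Parse "Authorization: Basic base64(login:password)"; nil if absent or malformed.
def basic_credentials(env)
  scheme, blob = env['HTTP_AUTHORIZATION'].to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && blob
  login, password = blob.unpack1('m').split(':', 2)
  password ? [login, password] : nil
end

# Decide how to serve one request. `verify` stands in for User.authenticate
# and returns a user or nil.
def route(env, verify)
  cookies = env['HTTP_COOKIE'].to_s
  return [:cookie_session] if cookies.include?("#{SESSION_COOKIE}=")
  if (creds = basic_credentials(env))
    # Basic credentials are only base64-encoded, so refuse them over plain HTTP.
    return [:reject_insecure] unless env['rack.url_scheme'] == 'https'
    user = verify.call(*creds)
    return user ? [:basic, user] : [:challenge, CHALLENGE]
  end
  # Probe cookie came back: cookies work, use the normal login form.
  return [:login_form] if cookies.include?("#{PROBE}=")
  # Marker in the URL but no cookie: the browser dropped it, fall back to Basic.
  probed = env['QUERY_STRING'].to_s.split('&').include?("#{PROBE}=1")
  return [:challenge, CHALLENGE] if probed
  # First contact: set the probe cookie and redirect with the marker.
  [:probe, { 'Set-Cookie' => "#{PROBE}=1; Path=/; HttpOnly",
             'Location' => "#{env['PATH_INFO']}?#{PROBE}=1" }]
end

# Constructed verifier: one sample account, digest compared without early exit.
SAMPLE_DIGEST = Digest::SHA256.digest('alice:s3cret-example')
VERIFY = lambda do |login, password|
  given = Digest::SHA256.digest("#{login}:#{password}")
  diff = given.bytes.zip(SAMPLE_DIGEST.bytes).sum { |a, b| a ^ b }
  diff.zero? ? login : nil
end
```

Only the non-secret probe marker ever appears in the URL; the session identifier and the credentials stay in headers.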




Yes and no. The only way to make this work is to add the session key to your URL. This is a proven security issue, so don't go there!



0

