ruby on rails - Passing a token securely from one controller method to another -
i want generate random token user. ux reasons, want generate token in mycontroller#new in order show in new view. need pass create method. however, want prevent user changing it.
i know of 3 ways it:
- pass hidden field
- pass through sessions
- write database, marked incomplete, set complete in
create method
the first 2 approaches not secure, while last overkill.
is there way securely pass parameter new create method in controller?
sessions in rails , # , above very secure because hashed. official library says there no practically evidences of session hash been compromised user can delete token browser can't change logically correct value.
what can save value in sessions , make hash value token , save in session on receiving side can regenerate hash session , verify value.
no user can edit both session values match. if not matching can discard values , throw error page.
i hope answered you, if there misunderstanding pls ask.
Comments
Post a Comment