Users cannot accept cookies. How can I switch to DB managed sessions?

Added by Rodrigo Carvalho over 13 years ago

Due to internal security policy, my client cannot accept cookies from browsers. So whenever they try to login they get the 'Invalid Authenticity Form Token' message. How can I get around this? I know you can use a DB based session store instead (i.e. :active_record_store in sessions_store.rb), but all my attempts at doing so have failed so far. I'm using a BitNami distribution at the moment, but have already tried the installation instructions [here](http://www.redmine.org/projects/redmine/wiki/HowTo_Install_Redmine_in_a_sub-URI_on_Windows_with_Apache) with no success.

- Redmine 1.0.0
- Apache 2.2.14
- ImageMagick 6.5.6-8-Q8
- MySQL 5.0.83
- Subversion 1.6.6
- Ruby 1.8.7-p249-i386-mingw32
- Rails 2.3.5
- RubyGems 1.3.6

I am a bit of a newbie with managing RoR applications, and at this point I have completely run out of ideas. Any help is much appreciated.

Thanks!


Replies (2)

RE: Users cannot accept cookies. How can I switch to DB managed sessions? - Added by Felix Schäfer over 13 years ago

Rodrigo Carvalho wrote:

> Due to internal security policy, my client cannot accept cookies from browsers. So whenever they try to login they get the 'Invalid Authenticity Form Token' message. How can I get around this?

You can't.

You're confusing two things here: sessions and cookies. The sessions can be stored in cookies, but not storing them in cookies doesn't remove the need for cookies (when the session is not stored in the cookie, Rails still sets a cookie with an (encrypted and signed) key to retrieve the correct session for the current user).

I haven't given it much thought, but off the top of my head, I'd say it's difficult to make a rails app not use cookies, and I think even more so in Redmine.
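An added example, not part of the thread and not Rails or Redmine code: a simplified Ruby model of the distinction drawn in the reply above, showing that a server-side session store still depends on the browser returning a cookie, so the authenticity-token check fails the same way under either store. The class names, the secret and `login_round_trip` are hypothetical.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'
require 'json'

SECRET = 'constructed-demo-secret' # constructed value, stands in for the app secret

# Constant-time string comparison for MAC checks.
def secure_eq(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |r, (x, y)| r | (x ^ y) }.zero?
end

# Cookie store model: the whole session travels in the cookie, HMAC-signed.
class CookieStore
  def save(session)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{OpenSSL::HMAC.hexdigest('SHA1', SECRET, data)}"
  end

  def load(cookie)
    return {} if cookie.nil?
    data, mac = cookie.split('--', 2)
    return {} unless secure_eq(mac.to_s, OpenSSL::HMAC.hexdigest('SHA1', SECRET, data))
    JSON.parse(Base64.strict_decode64(data))
  end
end

# Server-side store model: session rows stay on the server, the cookie holds only the id.
class DbStore
  def initialize
    @rows = {}
  end

  def save(session)
    sid = SecureRandom.hex(16)
    @rows[sid] = session
    sid # this id is still delivered to the browser as a cookie
  end

  def load(cookie)
    @rows.fetch(cookie, {}) # no cookie or unknown id: empty session
  end
end

# Models GET of the login form followed by POST of that form.
def login_round_trip(store, browser_keeps_cookie)
  token = SecureRandom.hex(16)
  cookie = store.save('csrf' => token)       # response sets the cookie, form embeds the token
  sent = browser_keeps_cookie ? cookie : nil # a cookie-blocking browser sends nothing back
  store.load(sent)['csrf'] == token ? :ok : :invalid_authenticity_token
end
```
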

RE: Users cannot accept cookies. How can I switch to DB managed sessions? - Added by Rodrigo Carvalho over 13 years ago

Thanks for the reply Felix. From experimentation with various setups, I have managed to make the above Redmine installation work on IE 8 while blocking cookies (tools > internet options > privacy > advanced > select override... and block in both columns). The same does not work with Firefox however.

Having said that, I can only access Redmine while blocking cookies locally (i.e. localhost/redmine). When I try on a remote IE 8 browser with the same cookie blocking settings, the same doesn't work (i.e. www.foo.com/redmine). Is there anything you know about that?
