Closed acsonefho closed 2 years ago
@sebastienbeau @Cedric-Pigeon @lmignon What do you think about this?
@acsonefho IMO we should find a better way to manage session information and no longer rely on HTTP headers.
best reading I know on the subject https://guides.rubyonrails.org/security.html
still valid?
Context

In the main controller (controllers.main:InvaderController), we have a function named _get_shopinvader_session_from_headers(...) which is used to load some parameters from headers into the current shopinvader_session. If a sub-module wants to add another value to the shopinvader_session, we have to inherit this function and add custom keys.

My question

As we always/most of the time have to load header keys that start with "HTTP_SESS_", it is possible to load every header key that starts with "HTTP_SESS_". So if one day the locomotive part (for example) is updated and session values no longer start with "HTTP_SESS_", we have to update every module to match the new key. If we have this automatic load, we can just update the basic shopinvader module and we don't have to inherit this function (_get_shopinvader_session_from_headers(...)) in each module.
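
One way to implement the automatic prefix load asked about above, added here as an example and not taken from shopinvader: every WSGI environ key starting with "HTTP_SESS_" is considered, but only keys a module has registered with a value pattern reach the session, since these headers arrive with the request. The names register_session_key and load_session_from_headers, the keys cart_id and store_cart, and the sample environ are assumptions.

```python
import re

SESSION_HEADER_PREFIX = "HTTP_SESS_"  # prefix quoted in the issue
_VALIDATORS = {}  # session key -> compiled pattern its value must fully match


def register_session_key(key, pattern):
    """Hypothetical hook: a sub-module declares a key instead of overriding the loader."""
    _VALIDATORS[key] = re.compile(pattern)


def load_session_from_headers(environ, prefix=SESSION_HEADER_PREFIX):
    """Return (session, rejected) built from WSGI environ keys starting with prefix.

    Only registered keys whose value matches the registered pattern are copied;
    every other key under the prefix is returned in `rejected` so it can be logged.
    """
    session, rejected = {}, []
    for name, value in environ.items():
        if not name.startswith(prefix):
            continue
        key = name[len(prefix):].lower()
        pattern = _VALIDATORS.get(key)
        if pattern is None or not isinstance(value, str) or not pattern.fullmatch(value):
            rejected.append(name)
            continue
        session[key] = value
    return session, sorted(rejected)


# Keys and patterns below are constructed for the example.
register_session_key("cart_id", r"[0-9]{1,12}")
register_session_key("store_cart", r"true|false")

# Constructed WSGI environ: the header "Sess-Cart-Id" arrives as "HTTP_SESS_CART_ID".
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "GET",
    "HTTP_SESS_CART_ID": "42",
    "HTTP_SESS_STORE_CART": "true",
    "HTTP_SESS_IS_ADMIN": "1",    # unregistered key: rejected
    "HTTP_SESSION_TOKEN": "abc",  # does not start with the prefix: ignored
}

if __name__ == "__main__":
    print(load_session_from_headers(SAMPLE_ENVIRON))
```

If the prefix changes upstream, only SESSION_HEADER_PREFIX needs updating; the registered keys stay as they are.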