Closed imwilsonxu closed 12 years ago
Hi, thanks for giving this suggestion. The purpose of using Sinatra in this example is just to give a clue of integrating weibo_2 into a normal Ruby project; I was not considering Sinatra security or performance. However, since it's an open source project, please feel free to add what you think might improve it and then send a pull request; I will try to merge it if it's proper. Thanks again, I am closing this issue.
Thanks for your reply.
I just tried the example and found session[:uid] was missing after OAuth. Weird; after some digging, I was pretty sure that the session was regenerated for every request since I use tmp/always_restart.txt for easier dev.
This could be fixed by either removing always_restart or setting the session secret, so I created an issue which might help others.
Best,
Gotcha, thank you for paying attention.
From Sinatra's doc:
Setting the session secret not only increases security, but also prevents Sinatra from regenerating the session every time if you use shotgun or tmp/always_restart.
So, a simple hotfix, in config.ru:
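Added example, not part of the original issue and not the poster's hotfix (which is not reproduced on this page): a simplified Ruby model of a signed cookie session, showing why `session[:uid]` disappears when the secret is generated afresh at every restart and survives when it is fixed. `SignedCookie`, `boot`, `survives_restart?` and the `SESSION_SECRET` variable name are assumptions for illustration; this is not Rack's or Sinatra's own session code.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'
require 'json'

# Simplified model of a signed cookie session: "<payload>--<HMAC>".
class SignedCookie
  def initialize(secret)
    @secret = secret
  end

  def dump(session)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{sign(data)}"
  end

  # Returns the session hash, or {} when the signature does not verify.
  # An empty hash is what the app observes as "session[:uid] was missing".
  def load(cookie)
    data, mac = cookie.to_s.split('--', 2)
    return {} unless data && mac && same?(mac, sign(data))
    JSON.parse(Base64.strict_decode64(data))
  end

  private

  def sign(data)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, data)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def same?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# One simulated app boot: use the configured secret if present (assumed to be
# passed via SESSION_SECRET), otherwise generate a random one for this boot only.
def boot(env)
  SignedCookie.new(env['SESSION_SECRET'] || SecureRandom.hex(32))
end

# Request 1 stores uid after OAuth; the app restarts; request 2 reads the cookie.
def survives_restart?(env)
  cookie = boot(env).dump('uid' => 12345)
  boot(env).load(cookie)['uid'] == 12345
end
```

In a real deployment the fixed secret should be long, random, and kept out of the repository, for example supplied through the environment rather than hard-coded.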