How can I implement cookieless flash messages on R

2019-05-14 10:16发布

问题:

I'm developing a facebook app so I can't rely on cookies due to P3P (Privacy Preferences Project) and yep, it's a damn pain (see slides 18 and 19 on this slideshare about Rails and Facebook apps for a picture of it)...

In a facebook app every cookie, from browsers perspective, is a third-party cookie. And many browsers block them by default.

So my question is: How can I implement flash messages without rely on cookies?

UPDATE:

I modified session_store.rb and the DB accordingly. Now the sessions are stored on DB but the flash messages are still relying on cookies... Any idea please?

UPDATE#2:

I finally found a workaround, see my answer below. Best thing to do would be to ajax everything (according to the above-linked slideshare) but as a quick fix my solution should work.

回答1:

I finally found a workaround implementing my own (simple) flash messages and passing them through the params from one request to another.

First of all, I overwritten default_url_options in application_controller.rb to append to every request a :my_flash param:

def default_url_options 
  { :my_flash => @my_flash }
end    

Then, always in application_controller.rb, I wrote a my_flash_from_params before_filter to set the @my_flash variable:

def my_flash_from_params
  @my_flash = params[:fb_flash]
end 

Finally I rendered the following _my_flash.html.erb partial in application.html.erb

<div class="my_flash">
  <%= my_flash %>
</div>  

Calling:

 <%= render :partial => "layouts/my_flash", :locals => {:my_flash => @my_flash} if @my_flash %>

If you want to try this solution see also this answer about default_url_options rewriting.



回答2:

Flash messages are built on top of the session. So you could still rely on the flash if you change the session store to use the database. This can be easily done by editing config/initializers/session_store.rb and following the instructions on that file.

Here's more information on the topic: Action Controller Overview -> Session