In Rails, when an Action is accessed via POST, that Action cannot access the session

crazyjin posted on 2013/04/08 20:48

As the title says!

At login: session[:vip] = Vip.find

When submitting a comment: $.post('leavword.json',{"content":"xxxxxx"},function(data){},'json')

In the backend Action leavword, accessing the session[:vip] saved at login returns nil.

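I searched online and read that Rails stores the session in a cookie by default. Could it be that the POST and GET HTTP methods differ when it comes to cookies?
It now looks like the cookie contents are not sent to the server on POST.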


When using $.get
Request URL:http://127.0.0.1:3000/vip/postBr.json?br%5Bcontent%5D=xxxxxxxxxxx
Request Method:GET
Status Code:200 OK
Request Headers
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_shaheylu_session=[value removed]%3D%3D--23f3ef1169c44b4fa8bc445e850f0be1cc087feb
Host:127.0.0.1:3000
Referer:http://127.0.0.1:3000/book/details/1
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31
X-Requested-With:XMLHttpRequest
Query String Parameters
br[content]:xxxxxxxxxxx
Response Headers
Cache-Control:max-age=0, private, must-revalidate
Connection:Keep-Alive
Content-Length:4
Content-Type:application/json; charset=utf-8
Date:Mon, 08 Apr 2013 13:15:14 GMT
Etag:"b326b5062b2f0e69046810717534cb09"
Server:WEBrick/1.3.1 (Ruby/1.9.3/2012-12-25)
Set-Cookie:_shaheylu_session=[value removed]--e6f34d6fc68b47359546657a3cadf167187acc6f; path=/; HttpOnly
X-Request-Id:82a801719b7940d0a507be4bb4b789f2
X-Runtime:0.043044
X-Ua-Compatible:IE=Edge


When using $.post


Request URL:http://127.0.0.1:3000/vip/postBr.json
Request Method:POST
Status Code:500 Internal Server Error
Request Headers
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:36
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:_shaheylu_session=[value removed]%3D--e6f34d6fc68b47359546657a3cadf167187acc6f
Host:127.0.0.1:3000
Origin:http://127.0.0.1:3000
Referer:http://127.0.0.1:3000/book/details/1
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31
X-Requested-With:XMLHttpRequest
Form Data
br[content]:xxxxxxxxxxxxxxxxxxxx
Response Headers
Connection:Keep-Alive
Content-Length:14057
Content-Type:text/html; charset=utf-8
Date:Mon, 08 Apr 2013 13:20:45 GMT
Server:WEBrick/1.3.1 (Ruby/1.9.3/2012-12-25)
X-Request-Id:971cf7210bd1f3d60ca45eb820d22145
X-Runtime:0.023185

红薯
That doesn't make sense, does it? The session is kept on the server side; it just generates a cookie named xxsessionid.
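crazyjin

Quoting the answer from “红薯”

That doesn't make sense, does it? The session is kept on the server side; it just generates a cookie named xxsessionid.

But it really did happen in my code: as soon as I change $.get to $.post, session[:vip] can no longer be accessed.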

ruby1.9.3

rails 3.2.11

Rubyfans
OP, take a look at the Rails API: csrf_meta_tags
crazyjin

Quoting the answer from “yihub.com”

OP, take a look at the Rails API: csrf_meta_tags

I read the explanation on Stack Overflow. It was very helpful, thanks.

http://stackoverflow.com/questions/941594/understand-rails-authenticity-token
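
The POST capture above does carry the Cookie header; what empties session[:vip] is Rails 3.2's protect_from_forgery, which resets the session when a non-GET request arrives without a valid authenticity token. The Ruby below is an added example, not code from this thread or from Rails: a simplified model of that check, replayed over the thread's GET and POST. ForgeryModel, Request and replay_thread_requests are hypothetical names, and the constant-time comparison is this model's own choice.

```ruby
require 'securerandom'

# Constructed stand-in for an incoming request (not a Rails class).
Request = Struct.new(:verb, :params, :headers)

# Simplified model of the protect_from_forgery check; hypothetical, not Rails source.
class ForgeryModel
  attr_reader :session

  def initialize
    # State after login: the session holds the user and a per-session CSRF token.
    @session = { vip: 'crazyjin', _csrf_token: SecureRandom.base64(32) }
  end

  def token
    @session[:_csrf_token]
  end

  # GET is exempt; any other verb must carry the token, either as the
  # authenticity_token form parameter or in the X-CSRF-Token header.
  def verified?(req)
    return true if req.verb == 'GET'
    supplied = req.params['authenticity_token'] || req.headers['X-CSRF-Token']
    secure_equal?(supplied.to_s, token)
  end

  # Returns what the action would read from session[:vip].
  def call(req)
    @session = {} unless verified?(req) # unverified: session is reset, request still runs
    @session[:vip]
  end

  private

  # Constant-time comparison (an assumption of this model).
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Replays the thread's requests (bodies are constructed sample data).
def replay_thread_requests
  body = { 'br[content]' => 'xxxxxxxxxxx' }
  get, bare, fixed = ForgeryModel.new, ForgeryModel.new, ForgeryModel.new
  { get: get.call(Request.new('GET', body, {})),
    post_without_token: bare.call(Request.new('POST', body, {})),
    post_with_header: fixed.call(Request.new('POST', body, { 'X-CSRF-Token' => fixed.token })) }
end
```

In the real application the third case is reached by rendering csrf_meta_tags in the layout and sending that token as the X-CSRF-Token header on the $.post, which jquery_ujs does for same-origin AJAX requests.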
