Now would probably be a good time to start storing your Rails sessions in memcached instead of cookies
@bascule If the idea is authentication, what difference does it make? Memcache sessions still have authenticating cookie, no?
@nirvdrum if you just use HMAC, the attacker controls the session data. With Memcached, you control the session data, and there's no crypto
@bascule Right. IIRC, @igrigorik lost an argument to actually encrypt the session cookie because the overhead of encrypting 4K was too high.
@nirvdrum @igrigorik they did eventually add a store that encrypts the session cookie but didn't MAC it, thus losing all confidentiality
@bascule @ubermajestix @aniero memcache is also roflscale
@bascule yep. I maintained JRuby-memcache-client so I could do three things: store the session, cache fragments and push jobs to kestrel…
@bascule @ubermajestix they got the rofl right