Passing Session id to rest client

Hello,

How can I pass session id through my Rails application to a rest client
through HTTParty or RestClient?

Thanks

On Fri, Sep 14, 2012 at 4:12 AM, Avi wrote:

> Hello,
>
> How can I pass session id through my Rails application to a rest client
> through HTTParty or RestClient?

I would consider this a security problem, and a major one at that, but
whatever, who am I to judge your bad security. You need to serialize the
object. I don’t know about the default session handler, but I think it
responds to load and dump, and even if it doesn’t you can always use
Marshal to marshal the object, but that means that the guy down the way
possibly needs some of your code to unmarshal it.

So, here is what I am trying to do:

login_response = RestClient.post 'Some URL', :userName => 'username',
  :password => 'password' # Here I am logging in to the site.
puts login_response # Here I am getting the response in XML format, which is a session_id

So for accessing the content after login, I need the session id to perform
CRUD operations.

search = RestClient.get 'URL after login to search a list' # here I need to pass the session id.

Or any suggestions what I need to do in this case?

Avi wrote in post #1075999:

> So, here is what I am trying to do:
>
> login_response = RestClient.post 'Some URL', :userName => 'username',
>   :password => 'password' # Here I am logging in to the site.
> puts login_response # Here I am getting the response in XML format, which is a session_id
>
> So for accessing the content after login, I need the session id to perform
> CRUD operations.
>
> search = RestClient.get 'URL after login to search a list' # here I need to pass the session id.
>
> Or any suggestions what I need to do in this case?

I’ve handled clients like these in one of a few ways:

  1. Use a client implementation that supports HTTP cookies just like a
    web browser does. Log in the normal way and let the client manage passing
    the cookie back to the server (just like a browser).

  2. Use a token-based client authentication mechanism where the token is
    generated by the server with that token bound to the user account.
    Something like what Pivotal Tracker does with their API tokens.

  3. Use something like OAuth, which provides a way for external clients
    to authenticate through the OAuth protocol (probably overkill for your
    needs).
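
Option 1 from the reply above, sketched with Ruby's standard library only. This is an added example, not code from the thread; `SessionJar`, the cookie name `_session_id`, the sample values and the `example.test` URL are assumptions.

```ruby
require 'net/http'
require 'uri'

# Minimal in-memory cookie store (hypothetical helper, standard library only).
# Simplification: Domain, Path and expiry are ignored, so use one jar per host.
class SessionJar
  def initialize
    @cookies = {}
  end

  # Remember every cookie the server set on a response such as the login reply.
  def store(response)
    (response.get_fields('set-cookie') || []).each do |line|
      pair, *attrs = line.split(';').map(&:strip)
      name, value = pair.to_s.split('=', 2)
      next if name.nil? || name.empty? || value.nil?
      secure = attrs.any? { |a| a.casecmp?('secure') }
      @cookies[name] = { value: value, secure: secure }
    end
  end

  # Build a GET that carries the session in the Cookie header, not in the URL.
  # Cookies marked Secure are withheld from plain-http requests.
  def get_request(url)
    uri = URI(url)
    req = Net::HTTP::Get.new(uri)
    usable = @cookies.reject { |_, c| c[:secure] && uri.scheme != 'https' }
    req['Cookie'] = usable.map { |n, c| "#{n}=#{c[:value]}" }.join('; ') unless usable.empty?
    req
  end
end

# Constructed login response; a real one would come from Net::HTTP#request.
def sample_login_response
  res = Net::HTTPOK.new('1.1', '200', 'OK')
  res.add_field('Set-Cookie', '_session_id=abc123; path=/; Secure; HttpOnly')
  res.add_field('Set-Cookie', 'locale=en; path=/')
  res
end

if __FILE__ == $PROGRAM_NAME
  jar = SessionJar.new
  jar.store(sample_login_response)
  search = jar.get_request('https://api.example.test/items?q=list')
  puts "GET #{search.path}"
  puts "Cookie: #{search['Cookie']}"
end
```

With the rest-client gem the same round trip is done by passing `login_response.cookies` as the `:cookies` option of the next call.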