Comments on: Write a Sinatra-based Twitter clone in 200 lines of Ruby code

By: wuliwong

wuliwong — Thu, 22 Dec 2011 19:26:04 +0000

In fact, the real point is that there is TONS that Rails does that Sinatra doesn’t. For some people that is a big plus for Sinatra and for others it’s a big minus.

By: Paul McClean

Paul McClean — Fri, 13 May 2011 11:51:44 +0000

Sausheong, thank you for putting this together. You have a great knack for explaining things clearly and I find myself coming back to your site more and more as I’m getting deeper into Ruby.

By: Joe

Joe — Fri, 12 Mar 2010 12:08:56 +0000

Seems like your session key has a huge security flaw. In your login route you set:

session[:userid] = user.id

But that’s just a serial primary key, which means it’s really easy to guess a valid session id (you wouldn’t know who you were impersonating, but you could easily impersonate *someone* else). It would be better to have separate LoginSession and User datamapper models, and do something like:

session[:sessionid] = login_session.uuid

Using a UUID makes it highly unlikely that one user can guess any other valid session identiier. It also allows easily expiring login sessions (delete the LoginSession records) without affecting users.

By: templerel

templerel — Fri, 13 Nov 2009 19:16:37 +0000

Thank you for a very instructive article – more often I will go

By: subreto

subreto — Wed, 09 Sep 2009 15:04:28 +0000

What is Twitter and How Can I Use It?