Hi there!

I am currently learning Rails 3 and have some doubts regarding sessions
and RESTful authentication, hope you can help me.

By default, Rails stores session information using cookies. That means
that if I do session[:user_id] = @user.id , it is stored in a cookie
automatically, so that’s all I have to do.

When I use ActiveRecord store, instead, we use the database for storing
session information.

The book I am following, explains together the ActiveRecord store for
sessions and the RESTful authentication, so I’m afraid I have mixed up
some concepts.

My doubt is: When using ActiveRecord storage for sessions, is this just
like using the cookie option, but with Rails automatically storing it in
the database? I mean, woul I still use it just like session[:user_id] =
@user.id and would Rails take care of storing it into the database?

If so, declaring sessions as a Resource, would be independent from using
ActiveRecord store, wouldn’t it?

I understand that, without declaring Sessions as a resource, I wouldn’t
have RESTful authentication, but the book uses ActiveRecord store, and
next, declares Sessions as a resource, and I don’t know if those are
independent.

Hope I have explained myself

Thanks for your responses!

On Jan 12, 9:12am, Francisco javier Baena [email protected]
wrote:

The book I am following, explains together the ActiveRecord store for
sessions and the RESTful authentication, so I’m afraid I have mixed up
some concepts.

My doubt is: When using ActiveRecord storage for sessions, is this just
like using the cookie option, but with Rails automatically storing it in
the database? I mean, woul I still use it just like session[:user_id] =
@user.id and would Rails take care of storing it into the database?

Whichever the session store (cookie store, activerecord store memcache
store etc.) the api (ie. how you use it in your app) is the same.

If so, declaring sessions as a Resource, would be independent from using
ActiveRecord store, wouldn’t it?

Correct.

Fred

Frederick C. wrote in post #974199:

On Jan 12, 9:12am, Francisco javier Baena [email protected]
wrote:

The book I am following, explains together the ActiveRecord store for
sessions and the RESTful authentication, so I’m afraid I have mixed up
some concepts.

My doubt is: When using ActiveRecord storage for sessions, is this just
like using the cookie option, but with Rails automatically storing it in
the database? I mean, woul I still use it just like session[:user_id] =
@user.id and would Rails take care of storing it into the database?

Whichever the session store (cookie store, activerecord store memcache
store etc.) the api (ie. how you use it in your app) is the same.

As Fred explained there’s little difference in how you use sessions
regardless of how they are stored, but it would be a good idea for you
to understand the tradeoffs and limitations of each type of storage.

For example the cookie session store is pretty much maintenance and
configuration free, but it is limited to 4K of data. This should be
sufficient for most application.

ActiveRecord session stores don’t have a size limit, but may require
some maintenance to clear old sessions from the database.

Memcache also removes the 4K limit, but may require configuration of a
memcached server.