Rails Session: How it works?

Hello All,

I would need someone to explain to me how Rails session works? I need
all
the options available and tricks (if any).

Regards,
Emeka

It’s pretty tough to answer such a vague question. What about the Guide
didn’t help you? http://guides.rubyonrails.org/security.html

Hello Jim,

Thanks for that link. However, I would want to know how it is
accomplished?
is it cookie based? And which algorithm is used to generate the random
object?

Emeka

On Mon, May 23, 2011 at 7:42 AM, Jim T. [email protected] wrote:

You received this message because you are subscribed to the Google G.
“Ruby on Rails: Talk” group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.


*Satajanus Nig. Ltd

On 23 May 2011, at 09:16, Emeka wrote:

Thanks for that link. However, I would want to know how it is
accomplished? is it cookie based? And which algorithm is used to
generate the random object?

Yes, a session is cookie-based.

If you want to find out every single little detail, just read the
Rails codebase. That’s the great thing about opensource, isn’t it?

Best regards

Peter De Berdt

Thanks so much.

However, I am using the so-called cookieStore.

session[:user_id] = user.id

Will this be saved at the client? Will the client see the user.id?

What is saved at the client? And how is the server relates to that?

Emeka
On Mon, May 23, 2011 at 9:03 AM, Peter De Berdt
[email protected]wrote:

If you want to find out every single little detail, just read the Rails
“Ruby on Rails: Talk” group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.


*Satajanus Nig. Ltd

On 23 May 2011 10:15, Emeka [email protected] wrote:

However, I am using the so-called cookieStore.
session[:user_id] = user.id
Will this be saved at the client? Will the client see the user.id?

What is saved at the client? And how is the server relates to that?

These questions are all answered in the first few paragraphs of the
‘Session’ section of ‘Action Controller Overview’ guide:

http://guides.rubyonrails.org/action_controller_overview.html#session

and there is more detail along with security recommendations in the
Security Guide:

http://guides.rubyonrails.org/security.html#sessions

Chris

Thanks you all.

Emeka

On Mon, May 23, 2011 at 10:28 AM, Chris M. [email protected]
wrote:

http://guides.rubyonrails.org/action_controller_overview.html#session
“Ruby on Rails: Talk” group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.


*Satajanus Nig. Ltd

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs