Sessions, Cookies, and Flashes
- If we didn't have cookies and sessions, what would happen?
- you would not be able to "hold on to" data between HTTP requests since HTTP is stateless - it does not know about any other requests previously made.
- What is a cookie?
- a cookie is a key-value pair stored in a user's browser until its specified expiration date.
- What's the difference between a cookie and a session?
- A session is an entire hash and is a secure version of a cookie. Cookies are just key-value pairs. A session is stored server side and a cookie is stored browser side.
- What's serialization and how does it come into play with sessions?
- the value data is unreadable by humans and you have to have the key to "de-serialize" it. It makes session data more secure unlike cookie data that you can change easily.
- Why would we want to store a user id in a session?
- to keep track of whether they are logged in or not, and their movement while logged in
- What is a flash? How long does a flash have before it expires?
- a flash is a hash-like object that only persists from one request to another - mostly used to provide feedback to the user when submitting forms.
- What syntax would I use to add a user_id key and value to the session?
- session[:user_id] = user.id
- What does "HTTP is stateless" mean?
- it does not remember previous requests.