@dannyradden
Forked from case-eee/sessions.md
Last active April 3, 2017 17:16
Sessions, Cookies, and Flashes

  1. If we didn't have cookies and sessions, what would happen?
    • We wouldn't be able to keep track of a user's session, so they wouldn't be able to stay logged in.
  2. What is a cookie?
    • A cookie is a piece of information stored in hash style on a user's computer. Cookies are insecure and should not be used to store sensitive data. They also have an expiration date.
  3. What's the difference between a cookie and a session?
    • A session is similar to a cookie, but is secured so that it is secure.
  4. What's serialization and how does it come into play with sessions?
    • Serialization uses a private key to secure a session so that it can't be tampered with.
  5. Why would we want to store a user id in a session?
    • So that a user can stay logged in. It should be stored in a session and not a hash so that a user can maliciously change their user id to one with more privileges.
  6. What is a flash? How long does a flash have before it expires?
    • A flash is a special hash used to send a message from the controller to the user, and it self-destructs after it is sent.
  7. What syntax would I use to add a user_id key and value to the session?
    • session[:user_id] = user.id
  8. What does "HTTP is stateless" mean?
    • HTTP does not 'remember' anything about the user or events in the past.
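
The tamper protection that answers 4 and 5 refer to, as an added example that is not part of the original gist and is not Rails's own implementation: the session hash is serialized, then signed with a server-side secret, so an edited `user_id` fails verification. The names `sign_session`, `verify_session`, `tamper` and the `SECRET` value are hypothetical and constructed for this sketch.

```ruby
require "openssl"
require "json"

# Constructed secret for this example; a real app keeps its secret server-side only.
SECRET = "constructed-example-secret-not-for-real-use"

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Serialize the session hash (JSON, then Base64) and append an HMAC-SHA256 tag.
def sign_session(session, secret = SECRET)
  payload = [JSON.generate(session)].pack("m0")
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Return the session hash, or nil when the cookie is malformed or was altered.
def verify_session(cookie, secret = SECRET)
  payload, mac = cookie.to_s.split("--", 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless secure_compare(mac, expected)
  JSON.parse(payload.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# What a client-side edit looks like: new readable payload, old signature.
def tamper(cookie, new_session)
  _payload, mac = cookie.split("--", 2)
  "#{[JSON.generate(new_session)].pack('m0')}--#{mac}"
end

cookie = sign_session({ "user_id" => 42 })
p verify_session(cookie)                            # untouched cookie is accepted
p verify_session(tamper(cookie, { "user_id" => 1 })) # edited cookie is rejected
```

The payload stays readable by the client; the signature only lets the server detect changes, which is why sensitive data still does not belong in it.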