Sessions, Cookies, and Flashes
- If we didn't have cookies and sessions, what would happen?
- We wouldn't be able to persist anything that didn't exist in our database. We'd be at the mercy of the stateless model.
- What is a cookie?
- An insecure hash-like object that persists data across sessions.
- What's the difference between a cookie and a session?
- A session's data is serialized, making it more difficult to manipulate its contents.
- What's serialization and how does it come into play with sessions?
- Serialization protects the contents of a session object. It requires a special key to deserialize it. The key is held by the Rails app.
- Why would we want to store a user id in a session?
- Because if it was in a cookie, a user could modify their id, perhaps to give themselves access to admin privileges.
- What is a flash? How long does a flash have before it expires?
- A flash is a hash-like object that can pass messages to the client. It expires every time it is accessed.
- What syntax would I use to add a user_id key and value to the session?
- session[:user_id] = 12
- What does "HTTP is stateless" mean?
- The protocol does not persist data, meaning it has no knowledge of previous requests.