Reputation: 21613
Rails: How to store data in session?
I'm making an writing exam practice web app in Rails. The problem is that if users' answers are submited to the Internet, they will easily be detected by ETS. So when users write their answers again in real test, ETS will think they are coping answers from Internet and give them a fairly low score.
My approach to this, is to store users' eassay in session. So it will not be upload to Internet at all. But, how can I store an object in session?
Upvotes: 29
Views: 33961
Answers (3)
Reputation: 2662
To store something in a session you can do:
session[:answer] = "some answer"
Then you can call the answer with:
session[:answer]
Or you could use HTML5 localstorage:
<script>
localStorage.setItem("essay", "text");
localStorage.getItem("essay"); // => "text"
</script>
Upvotes: 45
Reputation: 91753
My approach to this, is to store users' eassay in session. So it will not be upload to Internet at all.
Technically, that is not correct. The default implementation of sessions in rails is cookie based. So if you write something to the session, it's written to a cookie on the client. With each following request to your server, the cookie is send to the server, which i assume, is somehow connected the internet.
Also, cookies and therefore sessions, are restricted in size (about 4kb). So you might not be able to store everything in a session.
The problem is that if users' answers are submited to the Internet, they will easily be detected by ETS
That's the real question here:
Usually, if one doesn't want that other people (e.g. the ETS) can read your content, you restrict the access to the content. Either by passwords or by other means.
So, use some sort of authentication (answer by @Rich Peck), be extra careful that your content is only visible after an successful authentication, don't give the passwords to the ETS and you should be fine.
Upvotes: 1
Reputation: 76774
- Rails stores data in a database (doesn't have to be on the "Internet")
- Storing lots of data in sessions is a really bad idea
Sessions
Rails sessions are meant to keep consistency throughout your app
IMO, sessions are best used for storing "snippets" of data (such as a single object, ids etc), and are best used for these types of functions:
- Shopping carts
- Security-centric systems (keeping secure data)
- Authentication (keeping a user logged in)
Database
What you've asked is how you store people's answers in sessions
I would argue you should store them in a database, but secure that DB with authentication (such as Devise):
#app/controllers/answers_controller.rb
def new
@answer = Answer.new
end
def create
@answer = Answer.new(answer_params)
@answer.save
end
private
def answers_params
params.require(:answer).permit(:body, :question_id).merge(user_id: current_user.id)
end
This will allow you to store the answers in a database (the database can be on your local computer, local Intranet, or anywhere you want)
Security
The key for you will be to secure your data
This is called Authentication, and without going into huge detail, here's a great resource for you:
http://railscasts.com/episodes/250-authentication-from-scratch
Upvotes: 10
Related Questions
- Storing values in Rails session
- How to store a variable in session?
- Rails 5 - Managing Sessions Data
- Rails session store model object
- Best way (other than session) to store objects in Rails controller?
- Storing User Data in Session - Standard Practice
- Storing sessions in db in rails
- Storing and retrieving session objects
- Saving data in rails session to use in form on next request
- Storing Objects in a Session in Rails