Reputation: 11044
I am learning about sessions in Rails. Most references say that the following is the way to create a session.
Example:
session[:id]=user.id
Session is a global hash. My doubt is: if session is a global hash, then if more than one user tries to log in, does the session variable get overwritten or not? Because there will be only one global hash. So, if millions of users log in, how does the same "session[:id]" hold all the users' sessions? Is it possible to store more than one value in a single variable? And also, how do I delete a session for a particular user? So, how are sessions handled in Rails?
Upvotes: 5
Views: 4425
Reputation: 8888
session is not a global hash. It's a method that returns a new hash in the context of each request. How that hash is created depends on the underlying session store.
Let's take a look at 2 typical session stores.
Encrypted cookie store
This is the default session store of Rails applications. Rails serializes and then encrypts the whole session hash into a cookie, and stores that cookie on the client (e.g. the browser). Each time a request hits the Rails app, Rails decrypts and then deserializes that session cookie into a hash. That hash is what the method session returns.
Redis session store
This session store is not shipped with Rails. It's a separate gem.
With this session store, Rails serializes the session, gives it an ID (called the session ID), and stores the ID-hash pair in Redis. Rails then sets the session ID in a cookie and sends that cookie to the client. Each time a request hits the Rails app, Rails retrieves the session ID from the cookie, gets the serialized session associated with that session ID from Redis, and deserializes it into a hash. That hash is what the method session returns.
Upvotes: 9
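The two stores described in the answer above, as an added sketch that is not part of the original answer and is not Rails' own code. The class names, the AES-256-GCM cookie layout and the in-memory hash standing in for Redis are assumptions made for illustration; Rails' real cookie format differs.

```ruby
require "openssl"
require "json"
require "securerandom"
require "base64"

# Cookie-store model: the encrypted session hash itself is the cookie value.
class CookieStoreSketch
  def initialize(key = SecureRandom.random_bytes(32)) # stand-in for Rails' derived key
    @key = key
  end

  def dump(session)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = @key
    iv = c.random_iv
    c.auth_data = ""
    ct = c.update(JSON.generate(session)) + c.final
    Base64.urlsafe_encode64(iv + c.auth_tag + ct) # layout: 12-byte IV, 16-byte tag, ciphertext
  end

  def load(cookie)
    raw = Base64.urlsafe_decode64(cookie)
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = @key
    d.iv = raw[0, 12]
    d.auth_tag = raw[12, 16]
    d.auth_data = ""
    JSON.parse(d.update(raw[28..-1]) + d.final)
  rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError
    {} # tampered or foreign cookie: fall back to an empty session
  end
end

# Server-side model (Redis-style): the cookie carries only a random session ID.
class ServerStoreSketch
  def initialize
    @db = {} # stand-in for Redis: session ID => serialized hash
  end
  def save(session, sid = SecureRandom.hex(16)) # 32 hex characters
    @db[sid] = JSON.generate(session)
    sid
  end
  def load(sid)
    @db.key?(sid) ? JSON.parse(@db[sid]) : {}
  end
  def destroy(sid)
    @db.delete(sid) # removes one user's session, nobody else's
  end
end
```

Each user's request carries a different cookie, so load returns a different hash per request even though the controller code always reads session[:id]. In the server-side model, destroy(sid) ends one user's session; in the cookie model the server holds no per-user state to delete.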
Reputation: 4561
As 7stud stated, all sessions are created on a user-by-user basis. Since HTTP is a "stateless" protocol, you would potentially need someone to enter their login information every time they wanted to look at a new page or even refresh the existing one. This is where sessions come in. In Rails, each session is assigned a unique session id (a 32-character string of random hex numbers) when it's created, and a cookie containing this id is then sent to the client's browser. From that point on, every request from the browser sends the session id back to the server, thus maintaining continuity. The normal guideline to follow is that you should only keep track of the bare minimum in a session, such as info to determine the current user (like a primary key etc.).
Upvotes: 0
Reputation: 48599
Most applications need to keep track of certain state of a particular user. This could be the contents of a shopping basket or the user id of the currently logged in user... Rails will create a new session automatically if a new user accesses the application. It will load an existing session if the user has already used the application.
A session usually consists of a hash of values and a session id, usually a 32-character string, to identify the hash. Every cookie sent to the client's browser includes the session id. And the other way round: the browser will send it to the server on every request from the client.
http://guides.rubyonrails.org/security.html
In other words, each unique user has their own session hash. "Global" means that the session hash can be accessed inside any action/method.
Upvotes: 1