Reputation: 1668
Why does Rails give assign me an _app_session cookie even though I am not logged in?
I'd like to understand the behavior of Rails of why am I given a session cookie even though I am not logged in. Does it serve any purpose and what are the potential use cases for it (aside from authentication after logging in)?
Upvotes: 0
Views: 456
Answers (1)
Reputation: 725
In a Rails app, ActionController provides a session for each user. It can be used to store small amounts of data that will be persisted between requests.
Sessions can use many kinds of data stores, but always there is a cookie which stores the unique session ID. The default is to store everything else in the cookie too.
The cookie is signed and encrypted, so it can easily be used to store sensitive data, for example session[:user_id] = your_current_user_id.
More info here.
Upvotes: 2
Related Questions
- How do I manually set cookie in rails app?
- Where is the Session Stored in Rails?
- What is the relation between cookies and the Rails session object?
- Weird behavior with session cookies
- RailsTutorial: Why is there always some session?
- rails session steal through cookies
- Why are my Rails cookies lost upon browser close?
- session cookie httponly false rails 3.1
- active_record_store is set but cookie still created
- Rails cookie being set, session variable in cookie readable, session not readable