Reputation: 17793
Where are session variables stored in Rails?
hard disk, main memory or somewhere else. I am not asking for the case where these are stored in database.
Upvotes: 24
Views: 34427
Answers (3)
Reputation: 11202
In Rails, session object is sent back and forth inside cookies.
When you set session[:user_id] = 3 inside of your controller action, the response sent from that action will have a header Set-Cookie: my-session-cookie.
From now on browser will automatically send a header Cookie: my-session-cookie back to server on every request.
This is how my-session-cookie usually looks:
_Hello_session=BAh7B0kiD3%3D%3D--dc40a55cd52fe32bb3b84ae0608956dfb5824689
which translates into:
_Hello_session=<encrypted user_id=3>--<digital signature>
Hellois the name of your Rails app.- To prevent evil people from
understanding
a=bstring, it's encrypted. - To prevent evil people from tampering cookies, digital signature is used.
Both encryption (and decryption), and signing (and verifying) are done using a server-side secret key secrets.secret_key_base stored in /config/secrets.yml.
Upvotes: 14
Reputation: 878
By default rails uses cookies to store the session data. All data is stored in the client, not on the server.
Upvotes: 22
Reputation: 5192
I suggest you to take a look into sessions chapter of rails security guide - it answers your question in detail and will help you to understand how it works.
Upvotes: 15
Related Questions
- Where is the Session Stored in Rails?
- Rails 6 session variables not persisting
- where does ruby on rails app stores session?
- How to store a variable in session?
- When using ruby-on-rails how do you iterate over variables stored in the session?
- Unable to store and access Session Variables in Rails 4
- Where does 'session' come from?
- How Do I Find Which Session Variables are Storing Data in Rails2?
- Where should I store session code in a Rails app?
- Visibility of session variable in rails