
Where are session variables stored in Rails?

Developer https://www.devze.com 2023-04-03 11:27 Source: the web

hard disk, main memory or somewhere else. I am not asking for the case where these are stored in database.


By default Rails uses cookies to store the session data. All data is stored in the client, not on the server.


I suggest you take a look at the sessions chapter of the Rails security guide - it answers your question in detail and will help you to understand how it works.


In Rails, the session object is sent back and forth inside cookies.


When you set session[:user_id] = 3 inside of your controller action, the response sent from that action will have a header Set-Cookie: my-session-cookie. From now on the browser will automatically send a header Cookie: my-session-cookie back to the server on every request.

This is how my-session-cookie usually looks:

_Hello_session=BAh7B0kiD3%3D%3D--dc40a55cd52fe32bb3b84ae0608956dfb5824689

which translates into:

_Hello_session=<encrypted user_id=3>--<digital signature>
  • Hello is the name of your Rails app.
  • To prevent evil people from understanding the a=b string, it's encrypted.
  • To prevent evil people from tampering with cookies, a digital signature is used.

Both encryption (and decryption), and signing (and verifying) are done using a server-side secret key secrets.secret_key_base stored in /config/secrets.yml.
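
The payload--digital signature layout described in the answer above, as an added plain-Ruby example that is not part of the original answers and is not Rails' own code. It covers only the signing half: the payload here is base64-encoded JSON that the client can read, and DEMO_SECRET and all function names are constructed for this sketch.

```ruby
require "openssl"
require "json"

# Constructed secret for the demo; in a Rails app this role is played by secret_key_base.
DEMO_SECRET = "constructed-demo-secret-do-not-reuse"

# HMAC-SHA1 yields a 40-hex-character digest, the same length as in the sample cookie.
def digest_for(data, secret)
  OpenSSL::HMAC.hexdigest("SHA1", secret, data)
end

# Serialize the session hash, base64-encode it, and append "--<digest>".
def sign_session(session, secret)
  data = [JSON.generate(session)].pack("m0")
  "#{data}--#{digest_for(data, secret)}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash if the signature verifies, otherwise nil.
def verify_session(cookie_value, secret)
  data, digest = cookie_value.to_s.split("--", 2)
  return nil if data.nil? || data.empty? || digest.nil?
  return nil unless secure_compare(digest, digest_for(data, secret))
  JSON.parse(data.unpack1("m0").force_encoding("UTF-8"))
rescue ArgumentError, JSON::ParserError
  nil
end

# Simulate a client that rewrites the payload but cannot recompute the digest.
def tamper(cookie_value, new_session)
  _data, digest = cookie_value.split("--", 2)
  "#{[JSON.generate(new_session)].pack("m0")}--#{digest}"
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_session({ "user_id" => 3 }, DEMO_SECRET)
  puts cookie
  p verify_session(cookie, DEMO_SECRET)
  p verify_session(tamper(cookie, { "user_id" => 1 }), DEMO_SECRET)
end
```

Because the digest is keyed with the server-side secret, a cookie edited on the client fails verification and is treated as no session; anyone who learns the secret can mint valid cookies, so it must stay out of version control.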
