Differences between browser sessions and cookies and Rails session and cookies methods

Introduction

This article was written by a Rails beginner. Please pardon any shortcomings.

Also, I would appreciate it if you could point out any mistakes.

Differences between

Browser session

The series of interactions from the moment the browser connects to a site until it disconnects.

Browser cookies

Information stored in the user's browser.

There are temporary cookies and persistent cookies. The former disappear automatically when the browser is closed. The latter remain until they are manually erased by either the user or the server.

HTTP by itself cannot remember that you are logged in. Therefore, the login state has to be saved with a mechanism like this, and the cookie has to be checked on every page request.

Rails session method

It is for keeping the data needed during one browser session. Specifically, it is a method that saves encrypted data in a temporary cookie in the browser.

The Rails Tutorial stores the logged-in user's ID here. Because the user ID is saved, you can keep visiting pages that require login until you close the browser.

The tutorial says, "This data is safe because even if it is stolen by an attacker, you cannot log in." The information that you are logged in remains, so I think you can impersonate the user by stealing it. I am not sure about this point because of my lack of study.

Rails cookies method

It is for saving data that you want to keep even after the browser is closed. Specifically, it is a method that stores encrypted data in a persistent cookie in the browser.

The tutorial stores a token called RememberMe. With it, you can log in without having to enter your username and password. Therefore, it is necessary to handle it with care.
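
The following is an added example, not code from the original article or from Rails itself. Using only Ruby's standard library, it sends an encrypted value once as a temporary cookie and once as a persistent cookie, which shows that the two Rails methods described above differ on the wire only by the Expires attribute. The key, the cookie names, and the helpers seal, unseal, set_cookie and cookie_value are assumptions made for this example.

```ruby
require "openssl"
require "base64"
require "json"
require "time"

# Constructed demo key; a real Rails app derives its keys from secret_key_base.
KEY = OpenSSL::Digest::SHA256.digest("constructed-demo-secret")

# Encrypt and authenticate a value with AES-256-GCM.
def seal(value)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = KEY
  iv = cipher.random_iv
  data = cipher.update(JSON.generate(value)) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Decrypt a sealed value; returns nil if it was altered or is malformed.
def unseal(text)
  data, iv, tag = text.split("--").map { |part| Base64.strict_decode64(part) }
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = KEY
  cipher.iv = iv
  cipher.auth_tag = tag
  JSON.parse(cipher.update(data) + cipher.final)
rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError, JSON::ParserError
  nil
end

# Build a Set-Cookie header. No Expires -> temporary cookie, dropped when the
# browser closes. With Expires -> persistent cookie, kept across browser restarts.
def set_cookie(name, value, expires: nil)
  parts = ["#{name}=#{seal(value)}", "Path=/", "HttpOnly", "Secure"]
  parts << "Expires=#{expires.httpdate}" if expires
  parts.join("; ")
end

# Recover the decrypted value from a header built by set_cookie.
def cookie_value(header)
  unseal(header.split("; ").first.split("=", 2).last)
end

if __FILE__ == $PROGRAM_NAME
  puts set_cookie("demo_session", { "user_id" => 1 })    # temporary, like session
  puts set_cookie("demo_remember", { "token" => "constructed-token" },
                  expires: Time.now + 14 * 24 * 3600)    # persistent, like cookies
end
```

The browser only ever sees the opaque sealed string, and a value that has been altered in transit or in the browser fails authentication and is read back as nil.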

