This article was written by a Rails beginner. Please bear with me.
Also, I would appreciate it if you could point out any mistakes.
A session is the series of steps from connecting to a site to disconnecting from it.
A cookie is information stored in the user's browser.
There are temporary cookies and persistent cookies. The former disappear automatically when the browser is closed. The latter remain until they are manually erased on either the user side or the server side.
The HTTP protocol cannot remember that you are logged in. Therefore, it is necessary to save that information with a mechanism such as a cookie and check the cookie every time the user moves to another page.
The session method is for keeping the data necessary for one session of the browser. Specifically, it is a method that saves encrypted data in a temporary cookie of the browser.
The Rails tutorial stores the ID of the logged-in user here. With the user ID saved, you can keep moving between pages as a logged-in user until you close the browser.
The tutorial says, "This data is safe because even if it is stolen by an attacker, you cannot log in." The information that you are logged in remains, so I think you can impersonate the user by stealing it. I am not sure about this point because I have not studied it enough.
The cookies method is for saving the data that you want to keep even after the browser is closed. Specifically, it is a method that stores encrypted data in a persistent cookie of the browser.
The tutorial stores a token called RememberMe. With it, you can log in without having to enter your username and password, so it must be handled with care.
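The careful handling of the remember token described above, as an added example that is not code from the Rails tutorial or from this article: the raw token goes only into the persistent cookie, the server keeps just a digest of it, and logging out discards the digest. `RememberStore` and its method names are hypothetical, and SHA-256 from Ruby's standard library is an assumption chosen so the example runs without gems.

```ruby
require "securerandom"
require "openssl"

# Hypothetical in-memory stand-in for the users table (not a Rails model).
class RememberStore
  def initialize
    @digests = {} # user_id => hex SHA-256 digest of the remember token
  end

  # Login with "remember me": returns the raw token to place in the
  # persistent cookie. Only its digest is kept on the server side.
  def remember(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @digests[user_id] = digest(token)
    token
  end

  # A request arrives with a persistent cookie but no session:
  # accept it only if the token matches the stored digest.
  def authenticated?(user_id, token)
    stored = @digests[user_id]
    return false if stored.nil? || token.nil?
    secure_equal?(stored, digest(token))
  end

  # Logout: a copy of the token left in any browser stops working.
  def forget(user_id)
    @digests.delete(user_id)
  end

  # Exposed only so the stored value can be inspected in this example.
  def stored_digest(user_id)
    @digests[user_id]
  end

  private

  def digest(token)
    OpenSSL::Digest::SHA256.hexdigest(token.to_s)
  end

  # Comparison that does not stop at the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because the server holds only the digest, reading the stored value does not reveal a token that a browser could present.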
References:
Sessions and cookies that I can't listen to now, login / logout (Rails)
Rails Security Guide (https://railsguides.jp/security.html)