We are doing a lot of rails tutorials. About "session" dealt with in Chapter 8, this time I wrote an article that I wanted to organize for my own understanding. Since I am a beginner, I would be grateful if you could point out any mistakes in the comments.
In this communication, the communication between the browser and the server is independent for each round trip. Previous information cannot be inherited.
However, you may be wondering when you hear this story. If all HTML communication is independent, for example, on a shopping site, When you put the product you want to buy in the cart, the information is not carried over, so The cart should be empty when you transition pages.
So, ** The session is to make stateless HTML communication "stateful". ** **
In this communication, the browser ⇄ server exchanges information by adding information to the communication. It is possible to make this entire exchange into a series of actions.
In the above example, on the site where you logged in as a member, you can jump to various pages while retaining the member information. On the shopping site, you can put more and more things in the cart, which is convenient.
"Stateful communication" in HTML consists of a mechanism called a session.
Reference: session communication
How are
Sessions don't always handle cookies, but they are certainly commonly used. Rails also uses cookies as a standard, so we will assume cookies here.
** ① First access ** The browser side accesses the server side. The server side includes the browser identification information (for example, login information) in the HTTP header and sends it. The browser saves that information (this is the cookie information)
** ② Access after that ** The browser side includes the saved cookie information in the HTTP header and sends it to the server side. Based on that information, the server side determines who has accessed it.
In this way, the cookie is the information held on the browser side, and by sending it including the session ID, the server side can understand "what kind of content did you exchange?" I will. By the way, the content of session itself is held by the web server side, and the session ID in the cookie is the ID for calling it.
The session is only temporary and is basically deleted when the browser is closed.
| storage | Description |
|---|---|
| ActionDispatch::Session::CookieStore: | Save all sessions in a cookie on the client-side browser |
| ActionDispatch::Session::CacheStore: | Save data to Rails cache |
| ActionDispatch::Session::ActiveRecordStore: | Save to database using Active Record(activerecord-session_need store gem) |
| ActionDispatch::Session::MemCacheStore: | Save data to memcached cluster(This implementation is old so you should consider CacheStore) |
As explained earlier, the session ID is basically stored in a cookie and passed to the server,
For the CookieStore used by default, the ** session information itself is saved on the cookie side. ** **
The CookieStore has the following ** benefits **. ・ Very lightweight ・ A set has been prepared for using the session with the web application. -The cookie data is given an encrypted signature to prevent tampering, and the cookie itself is also encrypted, so the contents cannot be read by others (the tampered cookie is rejected by Rails).
However, there are also the following ** disadvantages **. ・ The upper limit of cookies is 4KB -Since the cookie is saved on the client side (browser), the contents of the expired cookie may remain. · Client cookies may be copied to other computers ・ Session cookies do not expire by themselves, so they may be reused for misuse.
Basically, I think it's better to use the CookieStore recommended by Rails, I thought that it was necessary to use it properly according to the situation.
Reference: rails guide session
The following are all operations in the Cookie Store that is used by default.
** ・ Create session **
session[:user_id] = @user.id
The session method can be set with a hash value. By setting, an encrypted cookie containing the information of this session will be generated.
** ・ Refer to session **
user = User.find(id: session[:user_id])
Information on session can be easily referenced. When the session method is called, the cookie information is decrypted internally and the value can be obtained with session [: symbol].
**-Delete session **
#Everything you do is the same
session[:user_id] = nil
session[:user_id].clear
session.delete(:user_id)
It is possible to rewrite with nil or delete information with clear or delete.
When I organized it again, I was able to identify the points that I did not understand and it was refreshing. I will continue to do my best in the Rails tutorial.
Recommended Posts