
Rails: Advantages of storing session in database?

I'm just wondering: why store the session in the database? Is there any advantage to storing the session in the database?

Zeck asked Nov 25 '10 15:11


People also ask

Why do we store sessions in database?

To avoid the potential problem of an attacker using JavaScript to modify a cookie that affects session data, you can store the session data in a database that you create. Then, the session data is passed back and forth between the application and that database.

Where does rails store session data?

The session is only available in the controller and the view and can use one of a number of different storage mechanisms: ActionDispatch::Session::CookieStore - Stores everything on the client. ActionDispatch::Session::CacheStore - Stores the data in the Rails cache.

Is it safe to store in session?

Both SessionStorage and LocalStorage are vulnerable to XSS attacks. Therefore avoid storing sensitive data in browser storage. It's recommended to use the browser storage when there is no sensitive data.

What are sessions in rails?

Rails provides a session object for each user that accesses the application. If the user already has an active session, Rails uses the existing session. Otherwise a new session is created. Read more about sessions and how to use them in Action Controller Overview Guide.


1 Answer

The advantage to the database or memcached is that session data cannot be tampered with on the client side and that you can store a larger amount of data than you would with cookies (4kB).

If your session is stored in cookies or the database and the web service is restarted then the session data is not lost. It may only be lost if it is stored in memcached.

If the server is load balanced then the session data is passed to the web server that is serving the request, so this is not an issue with cookies, database, or memcached sessions.

The advantage of cookies over memcached or the database is that the client stores the session data, so the server is not responsible for it.

Keep in mind that either way cookies will be passed to and from the client because a session reference still needs to be maintained.

Pan Thomakos answered Oct 19 '22 08:10
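An added example, not part of the original answer and not Rails' own code: a simplified Ruby model of the trade-off described above, contrasting a client-held signed cookie with a server-held store that puts only a session reference in the cookie. `CookieSession`, `ServerSession`, `tamper`, the signing key and the in-memory Hash standing in for a database table are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"
require "json"

COOKIE_LIMIT = 4096                     # the ~4 kB cookie limit the answer cites
SECRET = SecureRandom.random_bytes(32)  # constructed server-side signing key

# Client-held session: the data travels in the cookie, so the server signs it
# and rejects any value whose signature does not verify.
module CookieSession
  def self.dump(data)
    payload = [JSON.generate(data)].pack("m0")  # base64, no newlines
    cookie = "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, payload)}"
    raise ArgumentError, "session exceeds #{COOKIE_LIMIT} bytes" if cookie.bytesize > COOKIE_LIMIT
    cookie
  end

  def self.load(cookie)
    payload, _, mac = cookie.to_s.rpartition("--")
    expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
    return nil unless OpenSSL.secure_compare(expected, mac)  # constant-time
    JSON.parse(payload.unpack1("m0"))
  end
end

# Server-held session: the cookie carries only a random reference; the data
# stays in the store (a Hash standing in for the sessions table).
class ServerSession
  def initialize
    @rows = {}
  end

  def dump(data)
    sid = SecureRandom.hex(32)
    @rows[sid] = data
    sid
  end

  def load(sid)
    @rows[sid]
  end
end

# Constructed client-side edit: replace the payload, keep the old signature.
def tamper(cookie)
  forged = [JSON.generate({ "user_id" => 42, "admin" => true })].pack("m0")
  "#{forged}--#{cookie.rpartition('--').last}"
end
```

In both models a cookie still goes to the client; what differs is whether it holds the data (size-limited, must be signed) or only a reference to it.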