Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the difference between a Cookie and Redis Session store?

Tags:

redis

cookies

session-state

session-cookies

rack

I want to share sessions among 2 applications on different nodes; however, I am confused what the difference is between Cookie and Redis session stores; e.g. a cookie session might look like this:

rack.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiJFN2YxZDMxMGE5YTNhZjc2NGM1NDBk%0AMzdiODQ0MjcyMzk5MzAxY2YyYzdhNDMwOWVkMzhiNWVlMmY2N2QwYzExNg%3D%3D%0A--ec4ec7b5a807c806e02e2811f4a11d05877a7698

In Redis, a session-store, might look like this:

rack:session:eb23c0a055e9e6de3b8ad51efd9g6260d647b2e61326e35f5ff59cd490bfb405"

However, I am confused how these sessions can be shared. Whereas in a cookie approach, a request carries the state of the session, I can't see how the session in Redis actually matches to state among 2 applications. Any advice how to use Redis / share session state among 2 rack apps?

like image 711
poseid Avatar asked Jan 15 '13 21:01

poseid

People also ask

What is the difference between session storage and cookies?

For most cases, we use the local Storage object if we want some data to be on the browser. If we want it on the server, then we use cookies, and the session storage is used when we want to destroy the data whenever that specific tab gets closed or the season is closed by the user.

What is Redis session store?

The Redis session cache is most commonly used in a scenario where client requests are directed by a load balancing mechanism to two or more replicated WebSEAL servers. The Redis Session Cache. Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.

Is cookie same as session ID?

The session cookie is a server-specific cookie that cannot be passed to any machine other than the one that generated the cookie. The server creates a “session ID” which is a randomly generated number that temporarily stores the session cookie.

Which is best session or cookie?

Session is safer for storing user data because it can not be modified by the end-user and can only be set on the server-side. Cookies on the other hand can be hijacked because they are just stored on the browser.

1 Answers

The Redis session store still uses a cookie to track the session id client side. The difference is where the actual data that you stick in the session is stored. With the cookie store, it's stuffed into the cookie and sent back and forth with each request. With the redis-store, only the session id is passed in the cookie and the actual session data is retrieved from Redis using the session id in the cookie. Here's a great description of the various trade-offs with different session stores.

Sharing sessions might be made to work with both Cookie and and Redis session stores. Check out these two questions for details:

  • Rails Checkout SSL heroku
  • Subdomain Session Not Working in Rails 2.3 and Rails 3 on Heroku with/without a Custom Domain?
like image 150
friism Avatar answered Sep 23 '22 10:09

friism
Sign in to Comment

Related questions

Cookie max age in Java
How to activate secure cookies in Wildfly?
WWW::Mechanize and Cookies
Subdomain cookie sharing in Rails 3 is not working (on Heroku)?
Creating Servlet Cookies
Sending cookie with http post android
CORS doesn't work with cookies in IE10
Setting request cookies angular2 http post request
how to set expiration date on a cookie in cfscript
How to login in with Curl and SSL and cookies
How to implement "login remember me" using cookies in Express.js?
How can I disable or delete cookies in the Postman application manually
Attaching a cookie to a view in Symfony2
Python Flask set cookie for both example.com and www.example.com
flask Set Cookie for every response
Why is the cookie expiration date not surviving across sessions in ASP.NET?
How to secure private routes in SPA while using httpOnly cookies
Set a cookie expire after 2 hours
Set cookie (with JS) for whole domain not specific page
Slim 3 Framework + Cookies

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!