recitation4 notes


Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview:; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 ; HttpOnly GMT Topic 2: Sessions HTTP is a stateless protocol -- it doesn’t require the server to remember anything about a single user across multiple requests. This works fine for serving static content, but what about dynamic/customized content? For example, a user on Amazon would want to see the same items in his “shopping cart” as he browses from page to page. We need some way to keep track of data from such a user session. A common solution to this problem is using browser cookies. (Other solutions: server side sessions, hidden form variables, adding parameters to the URL.) Topic 3: Sessions in Rails Rails has built-in support for keeping track of user sessions. There are a few storage mechanisms. All of these storage mechanisms use a cookie to store a unique ID for each session. They differ in where the rest of the data is kept. ● ActionDispatch::Session::CookieStore – Stores everything on the client. ● ActiveRecord::SessionStore – Stores the data in a database using Active Record. ● ActionDispatch::Session::CacheStore – Stores the data in the Rails cache. If you’d like to change how you’re storing sessions you can take a look and change it in the config/initializers/session_store.rb. The default store is CookieStore, which stores all data in the browser cookie. Note that the data stored in the cookie isn’t encrypted, so users can read it if they wanted. However, the cookie is signed so that users can’t modify their cookie -- if they do, Rails will not accept it. No matter which mechanism you choose, the session will be accessible via the sessions hash. You might set a user_id in the session hash. user = User.find_by_email(params[:email]) session[:user_id] = 3 The user can then be retrieved on a subsequent call like so: User.find(session[:user_id]) if session[:user_id] Topic 4: Authentication (vs Authorization) Authentication involves verifying that “this person is who they say they are.” For example, you may show a p...
View Full Document

This document was uploaded on 03/18/2014 for the course EECS 6.170 at MIT.

Ask a homework question - tutors are online