Robert Walker wrote: > new on ror wrote: >> Hello mate, >> >> I'm wonder how to use database sessions store instead of cookies. >> Rails 2.3 > > environment.rb > ---------- > config.action_controller.session_store = :active_record_store
What I wonder is what are the advantages of using an active record session store? I assume people do this for a few reasons: 1. Need to persist sessions between browser launches. I would consider this in only in very rare cases. It's my opinion that session cookies in their current form are even too lenient. An HTML 5 local session storage object seems like the ideal choice, given that they limit a session to a single browser window instance, having the same life-cycle and encapsulation as the window. They also seem to fix a common problem with cookies leaking out to other domains. Local storage objects are bound to the domain that created them without the loopholes cookies allow. Too bad this isn't yet a viable option, but hopefully one day will be. 2. Need to store more that 4K of session data. In most cases this shouldn't be an issue given that it's good practice to keep sessions as small as possible. And again HTML 5 local session storage eliminates this limitation (something else to look forward to in the future). 3. Need to store sensitive data inside session objects. I cringe as I write that. It just sounds like such a bad idea. But, I suppose that's why encryption was invented. What are some other reasons I've not listed here? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
