ActiveRecord session store in Rails 3

Hi there!

I am currently learning Rails 3 and have some doubts regarding sessions and RESTful authentication, hope you can help me.

By default, Rails stores session information using cookies. That means that if I do session[:user_id] = @user.id , it is stored in a cookie automatically, so that's all I have to do.

When I use ActiveRecord store, instead, we use the database for storing session information.

The book I am following, explains together the ActiveRecord store for sessions and the RESTful authentication, so I'm afraid I have mixed up some concepts.

My doubt is: When using ActiveRecord storage for sessions, is this just like using the cookie option, but with Rails automatically storing it in the database? I mean, woul I still use it just like session[:user_id] = @user.id and would Rails take care of storing it into the database?

If so, declaring sessions as a Resource, would be independent from using ActiveRecord store, wouldn't it?

I understand that, without declaring Sessions as a resource, I wouldn't have RESTful authentication, but the book uses ActiveRecord store, and next, declares Sessions as a resource, and I don't know if those are independent.

Hope I have explained myself :slight_smile:

Thanks for your responses!

The book I am following, explains together the ActiveRecord store for sessions and the RESTful authentication, so I'm afraid I have mixed up some concepts.

My doubt is: When using ActiveRecord storage for sessions, is this just like using the cookie option, but with Rails automatically storing it in the database? I mean, woul I still use it just like session[:user_id] = @user.id and would Rails take care of storing it into the database?

Whichever the session store (cookie store, activerecord store memcache store etc.) the api (ie. how you use it in your app) is the same.

If so, declaring sessions as a Resource, would be independent from using ActiveRecord store, wouldn't it?

Correct.

Fred

Frederick Cheung wrote in post #974199:

The book I am following, explains together the ActiveRecord store for sessions and the RESTful authentication, so I'm afraid I have mixed up some concepts.

My doubt is: When using ActiveRecord storage for sessions, is this just like using the cookie option, but with Rails automatically storing it in the database? I mean, woul I still use it just like session[:user_id] = @user.id and would Rails take care of storing it into the database?

Whichever the session store (cookie store, activerecord store memcache store etc.) the api (ie. how you use it in your app) is the same.

As Fred explained there's little difference in how you use sessions regardless of how they are stored, but it would be a good idea for you to understand the tradeoffs and limitations of each type of storage.

For example the cookie session store is pretty much maintenance and configuration free, but it is limited to 4K of data. This should be sufficient for most application.

ActiveRecord session stores don't have a size limit, but may require some maintenance to clear old sessions from the database.

Memcache also removes the 4K limit, but may require configuration of a memcached server.