Sessions or Hidden fields?

Rails List wrote:

In my application I need to track user's application state such as in
which city or category he/she is in and based on that i need to perform
a search.

I have 3 options. Use cookies, use sessions or use hidden fields.

Think of hidden fields as a shortcut to populate a params[:model][:field], so the params[:model] is convenient to use.

Which one is the best choice in terms of performance and security. The
data being passed is not sensitive, they just query parameters.

Use a session, because a session _is_ a cookie, and abusing the cookie system with extra data is tacky - unless the cookie should last a while.

Also consider using the database - this user's favorite city. The database is there to write stuff in, sometimes even if you might consider that stuff very minor.

you can specify the active_record store for the session so it is not
stored as a cookie on the user's browser, but on the sessions table in
your database.