Cookies vs Sessions with CookieStore

ruby-on-rails ruby-on-rails-3 session cookies
gjb picture gjb · Feb 22, 2013 · Viewed 19.1k times · Source

In Rails 3, what is the difference between storing data in a cookie and storing data in a session, with the session store set to the default of CookieStore?

e.g.

cookie[:foo] = 'bar'

# MyApp::Application.config.session_store :cookie_store, key: '_myapp_session'
session[:foo] = 'bar'

As far as I can tell, both end up stored in a client-side cookie.

When would you choose to use one over the other?

Thanks.

Answer

Wolfgang picture Wolfgang · Mar 1, 2013

The main difference is that when you use cookie[:foo] = 'bar' the user is able to see the value for the cookie, i.e. 'bar'. When you use session[:foo] = 'bar' the value will be encrypted by rails and stored in the _myapp_session cookie.

You would use the cookie[] format when the information you want to store is not bound to the session, e.g. when the users selects the preferred language.

You would use the session[] format when you want to store information that is related to the current session, e.g. the id of the the user.

Related questions

Devise limit one session per user at a time

My app is using Rails 3.0.4 and Devise 1.1.7. I'm looking for a way to prevent users from sharing accounts as the app is a subscription based service. I've been searching for over a week, and I still don't know how to …

Read More
How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More
Rails: How can I rename a database column in a Ruby on Rails migration?

I wrongly named a column hased_password instead of hashed_password. How do I update the database schema, using migration to rename this column?

Read More