Rails 3 Cookie Based Sessions Question

Question

With Rails 3, the default session storage mechanism is cookie_store. I assume that this means that the contents within the session hash are serialized, encoded and stored within a cookie in the browser? Does this mean that nothing (or very little) of the session is stored in the server?

I've had a few issues where I had a cookie overflow error and I'm assuming because I kept on adding to my user instance (which was also linked/fetched from the cookie).

u = session[:user]
u.add_this lots_of_data

so eventually I got a cookie overflow error.

Am I correct about this? Are sessions fully stored within cookies in Rails 3 (by default)?

Answer 1

Yes, if you use the cookie store, the session data is stored in the cookie. If you'd like to store it on the server, you will need to use another session store.

However, if you are storing model objects or "lots of data" in the session, you are most likely doing it wrong in the first place. Your data should go to the database, and the session should only contain as much information as you need to retrieve it.

In you case, this would mean to store the user id int he session, and load the user from the db in a before_filter.

Answer 2

Yes, you are right. The problem might come up if you keep on adding data to session. But there are some other things that affect it.

Once, I ended up with CookieOverflow error, and the reason was the flash[:notice] messages.

If you use flash[:notice] = "message" and then redirect, the text "message" will be stored in the cookie. If the size of the text u pass is more than 4KBs, you get "CookieOverflow" error