How Do Sessions Work in Ruby on Rails?

Sessions in Ruby on Rails provide a way to store data between multiple requests from the same user. This is essential for maintaining user state, such as keeping users logged in as they navigate through different pages.

Session Storage Mechanisms

Rails supports multiple ways to store session data. The most common storage mechanisms are:

• CookieStore: Stores all session data on the client-side within a cookie. By default, Rails uses this mechanism. It’s simple and efficient but has a size limit (usually around 4KB).
• CacheStore: Stores session data in the Rails cache. This is useful for applications that have a caching layer like Memcached or Redis.
• ActiveRecordStore: Stores session data in the database using ActiveRecord. This is useful for larger session data or when you need persistent sessions.
• RedisStore: Stores session data in Redis, a fast in-memory data structure store. This is useful for scalable applications.

Configuring Sessions

Configure session storage in config/application.rb or environment-specific files:
# config/application.rb
module YourApp
  class Application < Rails::Application
    config.session_store :cookie_store, key: '_your_app_session'
    # Other options:
    # config.session_store :active_record_store, key: '_your_app_session'
    # config.session_store :cache_store, key: '_your_app_session'
    # config.session_store :redis_store, servers: "redis://localhost:6379/0/session"
  end
end

Using Sessions in Controllers

Interact with session data using the session hash:
class SessionsController < ApplicationController
 def create
	user = User.find_by(email: params[:email])
	if user && user.authenticate(params[:password])
  	session[:user_id] = user.id
  	redirect_to root_path, notice: "Logged in!"
	else
  	flash.now[:alert] = "Invalid email or password"
  	render :new
	end
  end
end