session [：food]和cookies.permanent之间的区别[：food] [英] Difference between session[:food] and cookies.permanent[:food]

问题描述

这是 session [：food] =pizza和 cookies.permanent [：food] = pizza ？

我试图读取rails文档，并说：

which are the difference between session[:food]="pizza" and cookies.permanent[:food]=pizza?
I tried to read rails documentation and it says:

新的默认会话存储，CookieStore。 CookieStore将会话哈希直接保存在客户端的Cookie中。

Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side.

然后我不明白，如果session [：food ]保存在cookie中，所以cookies.permanent [：food]有，有什么区别？

Then I don't understand, if session[:food] is saved in a cookie and so cookies.permanent[:food] does, what's the difference?

推荐答案

它出来，会话数据是在cookie（rails 3）或加密cookie（rails 4）中base64编码。使用像Firefox的Web Developer Extension（WDE）插件一样的工具，它有一个cookie菜单项，使用它删除localhost网站的所有cookie，然后将您的代码添加到控制器操作

I recommend you try it out, session data is base64 encoded in the cookie (rails 3) or in an encrypted cookie (rails 4) . Use a tool like Firefox 'Web Developer Extension' (WDE) addon, it has a cookie menu item, use it to delete all cookies for your localhost site, then add your code to a controller action

session[:food] = "pizza"
cookies.permanent[:food] = "pizza"

现在使用WDE查看cookies

Now view the cookies using WDE

Name    food
Value   pizza
Host    localhost
Path    /
...

$ b b

与会话

vs the session

Name    _session_name # (this value set in config/initializers/session_store.rb)
Value   a_base_64_value
Host    localhost
Path    /    
...

现在打开rails控制台并解码会话值

now open rails console and decode the session value

$ rails console
> Base64.decode64('value from session')
# works in rails 3

rails 4加密cookie而不是仅仅进行编码，请参见 http：// cowbell- labs.com/2013-04-10-decrypt-rails-4-session.html

If using rails 4 the cookie is encrypted instead of just encoded, see http://cowbell-labs.com/2013-04-10-decrypt-rails-4-session.html

一旦解密或解码，它看起来像

once decrypted or decoded it looks something like

{
  "session_id"=>"xxxxx", 
  "user_return_to"=>"/", 
  "flash"=>{
    "discard"=>[:alert], 
    "flashes"=>{
      :alert=>"You need to sign in or sign up before continuing."}
    }, 
  "food"=>"pizza", 
  "_csrf_token"=>"xxxxx"
}

请注意，在我的情况下，我使用Devise向闪存添加了一条消息

Note in my case I am using Devise which has added a message to the flash

会话数据受到更好的保护，您还可以选择移动到不同会话存储（如数据库），而不更改任何代码，只需进行一些配置

Session data is better protected and you also have the option to move to a different session store like a database without changing any code, just some configuration

这篇关于session [：food]和cookies.permanent之间的区别[：food]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！