Chapter 13. Session Management

 

I’d hate to wake up some morning and find out that you weren’t you!

 
 --Dr. Miles J. Binnell (Kevin McCarthy) in “Invasion of the Body Snatchers” (Allied Artists, 1956)

HTTP is a stateless protocol. Without the concept of a session (a concept not unique to Rails), there’d be no way to know that any HTTP request was related to another one. You’d never have an easy way to know who is accessing your application! Identification of your user (and presumably, authentication) would have to happen on each and every request handled by the server.[1]

Luckily, whenever a new user accesses our Rails application, a new session is automatically created. Using the session, we can maintain just enough server-side state to make our ...

Get The Rails Way now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.