Chapter 13. Session Management

I’d hate to wake up some morning and find out that you weren’t you!

—Dr. Miles J. Binnell in Invasion of the Body Snatchers

HTTP is a stateless protocol. Without the concept of a session (a concept not unique to Rails), there’d be no way to know that any HTTP request was related to another one. You’d never have an easy way to know who is accessing your application! Identification of your user (and, presumably, authentication) would have to happen on each and every request handled by the server.1

1. If you are really new to web programming and want a very thorough explanation of how web-based session management works, you may want to read the information available at http://www.technicalinfo.net/papers/WebBasedSessionManagement.html ...

Get The Rails™ 4 Way, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.