CSC/ECE 517 Fall 2012/ch1b 1w67 ks: Difference between revisions
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
= Session in Ruby = | = Session in Ruby = | ||
In Ruby session persists forever and is stored in the browser cookies by default. The session data can thus be deleted by clearing content of the cookies. Session is useful when we have to remember the state for a long time. Examples include Authentication where the user enters its login id and password that needs to be available for the whole session that the user is logged in. There are some alternative storage modes for session such as Storage table or No SQL data structure. | In Ruby session persists forever and is stored in the browser cookies by default. The session data can thus be deleted by clearing content of the cookies. Session is useful when we have to remember the state for a long time. Examples include Authentication where the user enters its login id and password that needs to be available for the whole session that the user is logged in. There are some alternative storage modes for session such as Storage table or No SQL data structure. | ||
| Line 19: | Line 19: | ||
== Session == | == Session == | ||
Session stores small amount of data that persists between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms such as cookies, tables, cache, memcache etc | Session stores small amount of data that persists between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms such as cookies, tables, cache, memcache etc. | ||
The session stores session id in cookies as it is insecure when embedded in the url.This unique id is used to look up the session data on its storage locations such as cookies, database tables, no sql data structure, cache etc.The data storage in cookies by default makes the session lightweight and easy to access and it does not requires calls to the storage locations for accessing the session data. The cookies can store atmost 4 kb data and hence gives cookie overflow exception if the data in the session exceeds the 4 kb limit.The cookie data is not encrypted but it cannot be edited by being visible in the url. | The session stores session id in cookies as it is insecure when embedded in the url.This unique id is used to look up the session data on its storage locations such as cookies, database tables, no sql data structure, cache etc.The data storage in cookies by default makes the session lightweight and easy to access and it does not requires calls to the storage locations for accessing the session data. The cookies can store atmost 4 kb data and hence gives cookie overflow exception if the data in the session exceeds the 4 kb limit.The cookie data is not encrypted but it cannot be edited by being visible in the url. | ||
== Flash == | == Flash == | ||
| Line 37: | Line 36: | ||
= Advantages/Disadvantages = | = Advantages/Disadvantages = | ||
<p>Like an outline, you shouldn't have a single section or subsection. Your subsections can go many levels deep!</p> | <p>Like an outline, you shouldn't have a single section or subsection. Your subsections can go many levels deep!</p> | ||
== Session | == Session == | ||
Session Advantages: | |||
-A session object helps us store useful information about the application like the session_id, currently logged in user details | |||
-It is similar to hash and helps us take advantages of the hash functionalities in Ruby | |||
-Since, it persists forver, the session variables can be used to perfrom authentication,server side validation and take care of the security aspects of the appliction | |||
Disadvantages: | |||
-The session object is a heavy weight object as it is used to store a lot of application related information. | |||
-we have to be careful while dealing with session variables as it is subject to malicious attacks and sensitive information can be divulged if not taken care of while programming | |||
-As the session variables persists forever, it is the programmers responsibility to reset the information of the application when the application goes out of the current scope logically. | |||
-Too many session variable manipulation and storage can make the code inefficient and can cause unexpected behaviour if not programmed carefully | |||
== | == Flash == | ||
Flash Advantages: | |||
-A light weight object that helps us store the information of the state the application is in. | |||
-Since flash is similar to hash, it helps us abuse the advantages of hash. Although, the most commonly used keys are :notice and :warning, any key can be passed into -the flash object and the user is responsible for extracting the inforation from the corresponding object* | |||
-It is less tedious to manage as its lifetime persists only until the next request. | |||
Disadvantages: | |||
-As the information stored in the flash object persists only until the next request, it is not useful for providing security related capabilities to the application. | |||
-It has limited capabilities and used for displaying sinple error messages, notices or warnings in the application. | |||
-It cannot store dynamic information | |||
= Conclusion/Summary = | = Conclusion/Summary = | ||
Conclusion: | |||
HTTP is a stateless protocol and the web applications require saving of the applicaion state frequently. Based on the application state, certain actions are taken. This is possible in RUBY using redirection flash object. The redirection flash object persists for a short duration and helps us store simple information about the application. Another flash like object that provices us very rich capabilities in terms of information storge, authentication and security is the session object. We have seen the differences between the two. It is the programmers responsibility to approriately use the flash or the session abject depending on what needs to be achieved. | |||
= Definitions = | = Definitions = | ||
| Line 63: | Line 76: | ||
= References = | = References = | ||
<references /> | <references /> | ||
http://www.youtube.com/watch?v=0m8lmRwS7E0 | http://www.youtube.com/watch?v=0m8lmRwS7E0 | ||
http://www.youtube.com/watch?v=0m8lmRwS7E0 | |||
http://ruby.railstutorial.org/chapters/sign-in-sign-out#sec:sessions_controller | |||
http://www.tutorialspoint.com/ruby-on-rails/rails-session-cookies.htm | |||
http://guides.rubyonrails.org/action_controller_overview.html#the-flash | |||
http://guides.rubyonrails.org/security.html#sessions | |||
Revision as of 23:28, 3 October 2012
A brief introduction to your article. The table of contents, which is generated automatically, will show up just below this introduction.
Overview/Introduction
Redirection in ruby refers to the where a user is redirected from one page to another.As the http requests are stateless, hence this leads to losing all the state that we had before. Thus Rails provides a hash called Flash such that it persists until the end of the next request received. Also there is a session hash, which unlike flash persists forever. <ref>http://www.youtube.com/watch?v=0m8lmRwS7E0</ref>.
For information on how to format the text of your article, create tables, and use section headings and references, see this article.
Flash in Ruby
Flash in ruby helps to remember the state until the end of the next request. It is basically used to store error messages as warnings and information as notice in the hash. This is used in views to print the error messages or notice. Instead of notice or warnings, we can define user defined hash and print its value in the view as we did for the notice and warnings. Basically it helps in flashing messages on the views.
Session in Ruby
In Ruby session persists forever and is stored in the browser cookies by default. The session data can thus be deleted by clearing content of the cookies. Session is useful when we have to remember the state for a long time. Examples include Authentication where the user enters its login id and password that needs to be available for the whole session that the user is logged in. There are some alternative storage modes for session such as Storage table or No SQL data structure.
Various uses of Session/Flash
Create as many sections and subsections as necessary to support your article.
Session
Session stores small amount of data that persists between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms such as cookies, tables, cache, memcache etc. The session stores session id in cookies as it is insecure when embedded in the url.This unique id is used to look up the session data on its storage locations such as cookies, database tables, no sql data structure, cache etc.The data storage in cookies by default makes the session lightweight and easy to access and it does not requires calls to the storage locations for accessing the session data. The cookies can store atmost 4 kb data and hence gives cookie overflow exception if the data in the session exceeds the 4 kb limit.The cookie data is not encrypted but it cannot be edited by being visible in the url.
Flash
Like an outline, you shouldn't have a single section or subsection. Your subsections can go many levels deep!
Examples
Like an outline, you shouldn't have a single section or subsection. Your subsections can go many levels deep!
Session
This is a subsection of section 1. Obviously, you name each of your sections and subsections as appropriate for your article.
Flash
Like an outline, you shouldn't have a single section or subsection. Your subsections can go many levels deep!
Advantages/Disadvantages
Like an outline, you shouldn't have a single section or subsection. Your subsections can go many levels deep!
Session
Session Advantages: -A session object helps us store useful information about the application like the session_id, currently logged in user details -It is similar to hash and helps us take advantages of the hash functionalities in Ruby -Since, it persists forver, the session variables can be used to perfrom authentication,server side validation and take care of the security aspects of the appliction
Disadvantages: -The session object is a heavy weight object as it is used to store a lot of application related information. -we have to be careful while dealing with session variables as it is subject to malicious attacks and sensitive information can be divulged if not taken care of while programming -As the session variables persists forever, it is the programmers responsibility to reset the information of the application when the application goes out of the current scope logically. -Too many session variable manipulation and storage can make the code inefficient and can cause unexpected behaviour if not programmed carefully
Flash
Flash Advantages: -A light weight object that helps us store the information of the state the application is in. -Since flash is similar to hash, it helps us abuse the advantages of hash. Although, the most commonly used keys are :notice and :warning, any key can be passed into -the flash object and the user is responsible for extracting the inforation from the corresponding object* -It is less tedious to manage as its lifetime persists only until the next request.
Disadvantages: -As the information stored in the flash object persists only until the next request, it is not useful for providing security related capabilities to the application. -It has limited capabilities and used for displaying sinple error messages, notices or warnings in the application. -It cannot store dynamic information
Conclusion/Summary
Conclusion: HTTP is a stateless protocol and the web applications require saving of the applicaion state frequently. Based on the application state, certain actions are taken. This is possible in RUBY using redirection flash object. The redirection flash object persists for a short duration and helps us store simple information about the application. Another flash like object that provices us very rich capabilities in terms of information storge, authentication and security is the session object. We have seen the differences between the two. It is the programmers responsibility to approriately use the flash or the session abject depending on what needs to be achieved.
Definitions
For any definitions where you don't have inline hypertext links to the definition you can place the definition of those terms here.
References
<references /> http://www.youtube.com/watch?v=0m8lmRwS7E0 http://www.youtube.com/watch?v=0m8lmRwS7E0 http://ruby.railstutorial.org/chapters/sign-in-sign-out#sec:sessions_controller http://www.tutorialspoint.com/ruby-on-rails/rails-session-cookies.htm http://guides.rubyonrails.org/action_controller_overview.html#the-flash http://guides.rubyonrails.org/security.html#sessions