Satya's blog - Rails: Storing data in a session
Rails: Storing data in a session, and why it's bad. Suppose you're doing a Ruby on Rails application. You show a list of classes, and let the user click one to view the list of students in that class. Great, store the class id in the session. Wonderful. Now suppose you do something to those students -- mark a number of them as "absent" or whatever, from the student list screen. Okay, which class are we looking at? Oh, we stored that in the session, didn't we. Great. Now suppose someone like me comes along and opens two classes in two separate tabs/windows of the browser. Oops. Which class gets modified when I mark both sets of students? Big deal, you say, why not operate directly with the students IDs? Yes, we could, but that was a contrived example. The real-life example I ran into had a list of courses and their groups, and when you modify and save the groups, it would delete them all.... suffice to say, the ID had to follow the page by being a form parameter, and not obtained from the session. If there's a way to store page-specific session data, I don't know it. You could store a hash keyed by the page's parameters, though. If you were looking for a way to actually store data in the session, go read the docs for the details. Basically, session[:key]=value |
|