(I know this cast is old, but I am really new to Rails!)
You are saying that everything that is stored in session is encrypted. However, here, it says that
"The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted)"
and
"There are, however, derivatives of CookieStore which encrypt the session hash, so the client cannot see it."
So, I am a little bit confused about whether a client can read the session hash or not.
BTW. While waiting for your answer, I found this.
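The distinction drawn in the two quoted passages, as an added example that is not part of the original comment and is not Rails' own code: a signed-only cookie can be read by the client but not altered, while an encrypting variant hides the contents. The cookie layout, HMAC-SHA256, AES-256-GCM, the key derivation and all names and values below are assumptions made for the illustration.

```ruby
require "base64"
require "json"
require "openssl"

# Constructed values for illustration only (a real app would use a proper KDF).
SECRET  = "constructed-demo-secret"
KEY     = OpenSSL::Digest.new("SHA256").digest(SECRET)
SESSION = { "user_id" => 42, "role" => "member" }

def hmac(secret, data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, data)
end

# Signed-only cookie: Base64(JSON)--HMAC. Integrity, but no confidentiality.
def sign_session(session, secret)
  payload = Base64.strict_encode64(JSON.generate(session))
  "#{payload}--#{hmac(secret, payload)}"
end

# What any client can do: decode the payload without knowing the secret.
def read_without_secret(cookie)
  JSON.parse(Base64.strict_decode64(cookie.split("--", 2).first))
end

# What the server does: return the session only if the signature matches.
def verify_session(cookie, secret)
  payload, digest = cookie.split("--", 2)
  return nil if payload.nil? || digest.nil?
  expected = hmac(secret, payload)
  return nil unless expected.bytesize == digest.bytesize
  diff = expected.bytes.zip(digest.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
  diff.zero? ? JSON.parse(Base64.strict_decode64(payload)) : nil
end

# Encrypting variant (AES-256-GCM): the client sees only ciphertext.
def encrypt_session(session, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  ciphertext = cipher.update(JSON.generate(session)) + cipher.final
  [iv, ciphertext, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

def decrypt_session(cookie, key)
  iv, ciphertext, tag = cookie.split("--").map { |part| Base64.strict_decode64(part) }
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  JSON.parse(cipher.update(ciphertext) + cipher.final)
end
```

With the signed-only form, keep anything the user must not see out of the session; the signature only stops the client from changing it.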