Panayotis Matsinopoulos's Profile

GitHub User: pmatsinopoulos

Site: www.matsinopoulos.gr

Comments by Panayotis Matsinopoulos

(I know this cast is old, but I am really new to Rails!)
You are saying that everything that is stored in session is encrypted. However, here, it says that

The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted)

and

There are, however, derivatives of CookieStore which encrypt the session hash, so the client cannot see it.

So, I am a little bit confused about whether a client can read the session hash or not.

BTW. While waiting for your answer, I found this.
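
Added example, not part of the comment above and not Rails code: a simplified model of a signed (not encrypted) cookie session, showing that the client can read the payload without the secret while the server still detects modification. The `payload--HMAC` layout, the JSON serialization, the secret and the session values are assumptions made for this illustration.

```ruby
require "openssl"
require "json"

# Constructed demo secret; a real application keeps its own server-side.
SECRET = "constructed-demo-secret-not-a-real-key"

def hmac_hex(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), secret, data)
end

# Constant-time string comparison, so verification does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server: serialize, Base64-encode, append an HMAC. Nothing is encrypted.
def sign_session(session, secret)
  data = [JSON.generate(session)].pack("m0") # strict Base64
  "#{data}--#{hmac_hex(data, secret)}"
end

# Client: the payload decodes without any knowledge of the secret.
def read_without_secret(cookie)
  data, _signature = cookie.split("--", 2)
  JSON.parse(data.unpack1("m0"))
end

# Server: check the HMAC first and only then decode the payload.
def verify_session(cookie, secret)
  data, signature = cookie.split("--", 2)
  return nil if data.nil? || signature.nil?
  return nil unless secure_equal?(signature, hmac_hex(data, secret))
  JSON.parse(data.unpack1("m0"))
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_session({ "user_id" => 42, "role" => "member" }, SECRET)
  puts "cookie value:        #{cookie}"
  puts "read without secret: #{read_without_secret(cookie)}"
  # Swap the payload but keep the old signature: verification must fail.
  altered = [JSON.generate("user_id" => 42, "role" => "admin")].pack("m0") +
            "--" + cookie.split("--", 2)[1]
  puts "altered cookie:      #{verify_session(altered, SECRET).inspect}"
end
```

The signature gives integrity only, so anything that must stay hidden from the client needs an encrypting session store or should be kept server-side.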