Consider this Rails controller action:
def login session[:user_id] = 42 render plain: session[:user_id] end
What will be the response body when this action is called?
def login session[:user_id] = 42 render plain: session[:user_id] end
Remember, session stores values as key-value pairs accessible by keys.
The session[:user_id] is set to 42, so rendering session[:user_id] outputs "42" as a string.
Given this sequence in a Rails controller:
session[:cart] = ['apple']
session[:cart] << 'banana'
session[:cart].delete('apple')What is the value of session[:cart] after these lines?
session[:cart] = ['apple'] session[:cart] << 'banana' session[:cart].delete('apple')
Think about how arrays change with << and delete methods.
Initially cart has ['apple'], then 'banana' is added, then 'apple' is removed, leaving ['banana'].
Which of these lines correctly sets a flash notice message in a Rails controller?
Flash messages use a special hash called flash.
flash is a hash-like object; setting flash[:notice] = "Welcome!" is correct syntax.
In a Rails controller, this code is used:
def set_user user = User.find(params[:id]) session[:user] = user render plain: "User set" end
Why might session[:user] not persist correctly across requests?
def set_user user = User.find(params[:id]) session[:user] = user render plain: "User set" end
Think about what kind of data can be stored in session.
Sessions store simple data like strings or numbers. Storing complex objects like ActiveRecord instances causes issues.
Why is it risky to store sensitive information like passwords or credit card numbers directly in Rails session?
Consider where session data is stored and how it can be accessed.
Rails stores session data in cookies by default, which are client-side and can be read or modified if not properly secured.