
Session-based authentication in Ruby on Rails - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is session-based authentication in Rails?
It is a way to keep a user logged in by storing their user ID in a session cookie on the browser. The server checks this session to know who the user is on each request.
beginner
How does Rails store session data by default?
Rails stores session data in a cookie on the user's browser, which is encrypted and signed to keep it secure.
beginner
What is the role of the 'session' hash in Rails controllers?
The 'session' hash lets you save and access data that persists between requests, like the current user's ID for authentication.
beginner
Why is it important to clear the session on logout?
Clearing the session removes the user's ID and other data, preventing unauthorized access if someone else uses the same browser.
intermediate
What is a common security risk with session-based authentication and how can Rails help prevent it?
Session hijacking is a risk where someone steals the session cookie. Rails helps prevent this by encrypting and signing cookies and using secure and HttpOnly flags.
In Rails, where is the session data usually stored by default?
A. In an encrypted cookie on the user's browser
B. In the database
C. In a server-side file
D. In localStorage
What does the 'session[:user_id]' typically store in a Rails app using session-based authentication?
A. The current user's ID
B. The user's password
C. The user's email
D. The session expiration time
What should happen to the session when a user logs out in a Rails app?
A. Nothing, the session stays the same
B. The session should be cleared or reset
C. The session should be sent to the database
D. The session should be saved permanently
Which Rails method is commonly used to clear the session?
A. destroy_session
B. clear_session
C. remove_session
D. reset_session
Why does Rails encrypt and sign session cookies?
A. To speed up the website
B. To make cookies larger
C. To prevent tampering and protect user data
D. To allow cookies to be shared across domains
Explain how session-based authentication works in a Rails application.
Think about what happens when a user logs in and how Rails remembers them.
Describe the security measures Rails uses to protect session data.
Consider how Rails keeps session cookies safe from theft or tampering.