In my application I need to track user's application state such as in which city or category he/she is in and based on that I need to perform a search.

I have 3 options. Use cookies, use sessions or use hidden fields.

Which one is the best choice in terms of performance and security? The data being passed is not sensitive, they are just query parameters.

Any ideas?

--
Posted via http://www.ruby-forum.com/.

Rails List wrote:
> In my application I need to track user's application state such as in
> which city or category he/she is in and based on that i need to perform
> a search.
>
> I have 3 options. Use cookies, use sessions or use hidden fields.

Think of hidden fields as a shortcut to populate a params[:model][:field], so the params[:model] is convenient to use.

> Which one is the best choice in terms of performance and security. The
> data being passed is not sensitive, they just query parameters.

Use a session, because a session _is_ a cookie, and abusing the cookie system with extra data is tacky - unless the cookie should last a while.

Also consider using the database - this user's favorite city. The database is there to write stuff in, sometimes even if you might consider that stuff very minor.

--
Phlip

You can specify the active_record store for the session so it is not stored as a cookie on the user's browser, but on the sessions table in your database.

On Aug 2, 11:51 am, Phlip <phlip2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Rails List wrote:
> > In my application I need to track user's application state such as in
> > which city or category he/she is in and based on that i need to perform
> > a search.
> >
> > I have 3 options. Use cookies, use sessions or use hidden fields.
>
> Think of hidden fields as a shortcut to populate a params[:model][:field], so
> the params[:model] is convenient to use.
>
> > Which one is the best choice in terms of performance and security. The
> > data being passed is not sensitive, they just query parameters.
>
> Use a session, because a session _is_ a cookie, and abusing the cookie system
> with extra data is tacky - unless the cookie should last a while.
>
> Also consider using the database - this user's favorite city. The database is
> there to write stuff in, sometimes even if you might consider that stuff very minor.
>
> --
> Phlip
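
Added example, not part of the thread and not Rails' own code: a simplified HMAC-signed cookie value showing the security difference between the options discussed above. A hidden field or plain cookie can be edited freely by the browser, a signed value is readable but tamper-evident, and in every case the server should only search on allow-listed values. `SECRET`, the allow-lists and all helper names are hypothetical.

```ruby
require "openssl"
require "json"

# Constructed secret for this example; a real app loads its own from config.
SECRET = "example-only-secret"

# Hypothetical allow-lists of the values the search accepts.
CITIES     = %w[london paris berlin].freeze
CATEGORIES = %w[rentals jobs events].freeze

def mac_for(payload)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Cookie value: base64(JSON state) + "--" + HMAC. Readable by the browser,
# but any edit to the payload invalidates the HMAC.
def sign_state(state)
  payload = [JSON.generate(state)].pack("m0")
  "#{payload}--#{mac_for(payload)}"
end

# Returns the state hash, or nil when the value is malformed or was modified.
def verify_state(cookie)
  payload, mac = cookie.to_s.split("--", 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_equal?(mac, mac_for(payload))
  JSON.parse(payload.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# Whichever transport carried the state, only allow-listed values are used.
def search_filters(state)
  return {} unless state.is_a?(Hash)
  filters = {}
  filters[:city] = state["city"] if CITIES.include?(state["city"])
  filters[:category] = state["category"] if CATEGORIES.include?(state["category"])
  filters
end
```

With a server-side store such as the active_record store mentioned above, the browser holds only a session id, so the state itself never leaves the server; the allow-list check still applies to anything read from `params`.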