Comments on: Rails Gotcha: Associations Stored in the Session http://blog.inquirylabs.com/2006/05/12/rails-gotcha-associations-stored-in-the-session/ Politics, Programming and Possibilities Tue, 02 Dec 2008 01:16:18 +0000 http://wordpress.org/?v=2.6.1 By: Jeff http://blog.inquirylabs.com/2006/05/12/rails-gotcha-associations-stored-in-the-session/#comment-349 Jeff Sat, 13 May 2006 01:06:58 +0000 http://blog.inquirylabs.com/2006/05/12/rails-gotcha-associations-stored-in-the-session/#comment-349 Thanks for the tip, Duane. Sometimes I would wonder whether to store an object in the session hash or just the id to the object, and your example cements it for me. Thanks for the tip, Duane. Sometimes I would wonder whether to store an object in the session hash or just the id to the object, and your example cements it for me.

]]> By: J. Weir http://blog.inquirylabs.com/2006/05/12/rails-gotcha-associations-stored-in-the-session/#comment-348 J. Weir Fri, 12 May 2006 22:42:02 +0000 http://blog.inquirylabs.com/2006/05/12/rails-gotcha-associations-stored-in-the-session/#comment-348 I find it to be dangerous to store objects in sessions. I always use ids. An extreme case of why not store objects in a session: your login stores the user's object in a session. the admin upgrades/downgrades a logged in user's permissions. the logged in user will be using their old permissions, unless they log back in or code is explicitly written to observe changes to the record. I find it to be dangerous to store objects in sessions. I always use ids.

An extreme case of why not store objects in a session:

your login stores the user’s object in a session.

the admin upgrades/downgrades a logged in user’s permissions.

the logged in user will be using their old permissions, unless they log back in or code is explicitly written to observe changes to the record.

]]>