w3d4 Flashcards
What does it mean that HTTP is a stateless protocol?
All requests are independent of one another; no information is saved between requests.
What is an advantage of a stateless protocol?
It allows for server speed optimizations.
What is a cookie?
A piece of data stored in a web browser that is sent along with HTTP requests to help the server identify information about the sender; solves the problem of statelessness.
How does a server check that a cookie is valid?
When the cookie is initially set, the server stores a token in its database, and it compares the sent cookie to the stored cookie token.
What is a permanent cookie?
A cookie with an expiration date very far in the future, which causes it to persist for a long time.
What is a session cookie?
A cookie without an expiration date, which will be deleted when the browser closes.
How can cookies be used, for example, to allow a non-logged-in user to store items in their cart?
By giving the anonymous user a session cookie.
What is an advantage of keeping cookie sizes under 4kB?
If a cookie needs to be sent multiple times, then keeping the size small will speed up internet use.
T/F: Important information which persists can be stored in cookies.
F; users clear cookies all the time, so you shouldn’t count on their presence.
What is a session?
Data about a particular HTTP transaction which is reused for future contexts. Cookies are an implementation of sessions.
What does the sessions hash contain?
Data about previous sessions.
How do we remove something from the sessions hash?
Set it to nil
What is the flash hash?
A hash of values that is available during the next request, but is cleared with each new request.
What do we do if we want to display the flash hash in the same request?
Use flash.now
What is a CSRF attack?
A cross-site request forgery, in which a deceptive form on one site sends data to another site.