Welcome, RailsConf-goers!

Hi! Thanks for dropping by, and for watching my talk, “A Deep Dive Into Sessions.”

Here are some extras, resources, things that didn’t quite fit in. Consider them a gift to you, for spending your time with me.

First, here are the slides for my talk:

With those, you can check out all the session best practices and debugging techniques I shared in the talk, without having to race me through slides.

But you shouldn’t grab the code snippets from that. You have better things to do with your time than copy-and-paste code from a PDF.

Instead, I’ve created a gem, CookieDecryptor, to help you peek into encrypted sessions. Include it in your Rails app in dev mode, and you can dig into your app’s session cookies. Check it out!

During the talk, I mentioned a few links and files:

  • Check out the code for Rails’ CacheStore, for an example of how to write your own session store. It’s by far the easiest session store to understand.
  • Firesheep is the tool that allowed you to grab other people’s cookies.
  • Postman and Paw are great tools for sending test requests for web servers and debugging server cookie issues.
  • mitmproxy is one of my all-time favorite debugging tools. It sits between your browser and the internet, and shows you all the traffic going by, including request and response headers and cookies.
  • This article and this StackOverflow question have a ton of great information about the domain cookie attribute, and how different browsers treat it differently. If you run into problems with cookies not being sent when you think they should, or getting sent to domains they shouldn’t, these are great articles to re-read.
  • Here’s an article about session secrets, and how dangerous they can be if you create them yourself, or copy someone else’s. But you don’t need to worry about that, because you’re using rake secret to generate your session secrets. Right? Right?!

If you want to learn more about sessions and Rails, I highly recommend the Ruby on Rails Security Guide and the Sessions section of the Action Controller Overview.

Here’s the article of mine that spawned this talk, How Rails Sessions Work.

I’ve also collected a few of my best articles below. They’ll help you write cleaner code, find and fix performance problems, write better tests, and more:

Read through them – I know they’ll help you out.

And finally, I’m running a sale on my book, Practicing Rails, for RailsConf! Until 11:59PM on April 30th, use this link to get a copy for $34, 30% off the normal price.

