Rails makes session[:user_id] = 42 feel like a hash write, but CookieStore serializes and encrypts session data into a browser cookie. This article traces that pipeline, the 4KB cookie limit, and why sessions should carry identity instead of application state.

URL: https://railsrevelry.substack.com/p/sessions-are-not-server-memory?r=4jsb