28 min listen
303: Dear Mr. Grumpy Goose
FromThe Bike Shed
ratings:
Length:
46 minutes
Released:
Aug 3, 2021
Format:
Podcast episode
Description
Chris gives a DB sessions update and talks bifunctors & command objects. Steph shares the coolness of a gem she's been using called after_party, and excitedly gushes about her new laptop. (Chris is hoping to hold off on replacing his until the end of the year and then they can compare!)
The two then answer a listener question on retrospectives and how they've seen productive ones run, while giving some of their own helpful opinions on dos and don'ts. They're talking to you, Grumpy Goose!
dry-monads gem (https://github.com/dry-rb/dry-monads)
attr_extras gem (https://github.com/barsoom/attr_extras)
after_party gem (https://github.com/theSteveMitchell/after_party)
What Went Well? - Bike Shed 123 (https://www.bikeshed.fm/132)
What I Believe About Software - Bike Shed 172 (https://www.bikeshed.fm/172)
Is Agile Over? - Bike Shed 299 (https://www.bikeshed.fm/299)
Running a Retrospective - Upcase (https://thoughtbot.com/upcase/videos/running-a-retrospective)
Transcript:
STEPH: Cool.
[laughter]
CHRIS: Good. No, I like what you did there.
STEPH: Yeah, I feel like we can get rambling on that one.
CHRIS: It's been great. This is what the Bike Shed is at its best. It's the two of us just rambling and being like, well, what about this? And if it's this, then that, then these, and it depends. And it's complicated and it's nuanced. And what about the humans? That's the story of The Bike Shed right there. [laughs]
STEPH: Hello and welcome to another episode of The Bike Shed, a weekly podcast from your friends at thoughtbot about developing great software. I'm Steph Viccari.
CHRIS: And I'm CHRIS Toomey.
STEPH: And together, we're here to share a bit of what we've learned along the way. Hey, Chris, how's your week?
CHRIS: My week has been good. I have some updates actually on some topics from previous episodes. One of the things that I can update on is the discussion around the cookie versus the database store. So I had posed this as a thing that I was going to be doing in the app for a handful of reasons. Most notably, I wanted the ability to invalidate sessions from the server-side, wanted to have a little more control over that. And so that's a dream that the database-backed session store can do. Eventually, I have to make that actually work in the way that I want.
But I was asking the question in that episode, which we can include a link to the specific episode, but I was asking the question of why don't we just do this all the time? The database-backed sessions seem better in all these ways. It's a lower overhead per request because you're just sending the session ID and the cookie instead of the whole payload of the session. You actually can have more data stored in it, a bunch of things that seemed really great. And then right after I introduced it, I figured out the thing. I figured out the secret. It's not a big issue, and we're going to stick with database session stores. But we have to be purposeful because it turns out they are essentially plain text in the database.
And so if there's anything that you are putting into the session like say a social security number or an authentication token or other things which naturally I might have done if it was in a cookie that lives on the user's browser and never actually lives on the server, persists on the server, that seems fine to me. But now these things are getting stored in the database and that really changes the calculus, especially because if I'm not purposeful, they'll just stick around for forever. So social security is probably the most pointed example of this. If you happen to have a form in the app that accepts a social security number and you want that to persist through some number of other steps, not actually going to store the social security number in the database because that's a thing that I have actively chosen not to do. I need to send it off to some other system, but I do need to hold onto it for a few minutes. The session is a perfect place to put that unless the ses
The two then answer a listener question on retrospectives and how they've seen productive ones run, while giving some of their own helpful opinions on dos and don'ts. They're talking to you, Grumpy Goose!
dry-monads gem (https://github.com/dry-rb/dry-monads)
attr_extras gem (https://github.com/barsoom/attr_extras)
after_party gem (https://github.com/theSteveMitchell/after_party)
What Went Well? - Bike Shed 123 (https://www.bikeshed.fm/132)
What I Believe About Software - Bike Shed 172 (https://www.bikeshed.fm/172)
Is Agile Over? - Bike Shed 299 (https://www.bikeshed.fm/299)
Running a Retrospective - Upcase (https://thoughtbot.com/upcase/videos/running-a-retrospective)
Transcript:
STEPH: Cool.
[laughter]
CHRIS: Good. No, I like what you did there.
STEPH: Yeah, I feel like we can get rambling on that one.
CHRIS: It's been great. This is what the Bike Shed is at its best. It's the two of us just rambling and being like, well, what about this? And if it's this, then that, then these, and it depends. And it's complicated and it's nuanced. And what about the humans? That's the story of The Bike Shed right there. [laughs]
STEPH: Hello and welcome to another episode of The Bike Shed, a weekly podcast from your friends at thoughtbot about developing great software. I'm Steph Viccari.
CHRIS: And I'm CHRIS Toomey.
STEPH: And together, we're here to share a bit of what we've learned along the way. Hey, Chris, how's your week?
CHRIS: My week has been good. I have some updates actually on some topics from previous episodes. One of the things that I can update on is the discussion around the cookie versus the database store. So I had posed this as a thing that I was going to be doing in the app for a handful of reasons. Most notably, I wanted the ability to invalidate sessions from the server-side, wanted to have a little more control over that. And so that's a dream that the database-backed session store can do. Eventually, I have to make that actually work in the way that I want.
But I was asking the question in that episode, which we can include a link to the specific episode, but I was asking the question of why don't we just do this all the time? The database-backed sessions seem better in all these ways. It's a lower overhead per request because you're just sending the session ID and the cookie instead of the whole payload of the session. You actually can have more data stored in it, a bunch of things that seemed really great. And then right after I introduced it, I figured out the thing. I figured out the secret. It's not a big issue, and we're going to stick with database session stores. But we have to be purposeful because it turns out they are essentially plain text in the database.
And so if there's anything that you are putting into the session like say a social security number or an authentication token or other things which naturally I might have done if it was in a cookie that lives on the user's browser and never actually lives on the server, persists on the server, that seems fine to me. But now these things are getting stored in the database and that really changes the calculus, especially because if I'm not purposeful, they'll just stick around for forever. So social security is probably the most pointed example of this. If you happen to have a form in the app that accepts a social security number and you want that to persist through some number of other steps, not actually going to store the social security number in the database because that's a thing that I have actively chosen not to do. I need to send it off to some other system, but I do need to hold onto it for a few minutes. The session is a perfect place to put that unless the ses
Released:
Aug 3, 2021
Format:
Podcast episode
Titles in the series (100)
1: Sandi & Derek's Rules: Sean and Derek discuss lessons learned from following Sandi Metz' rules on a project and the overall impact of rules on code. by The Bike Shed