Ruby on Rails Interview Questions and Answers — Controller — Part 3

9 min readOct 24, 2023


  • How can you optimize database queries and reduce the N+1 query problem in Rails controllers?
  • How do you manage sessions in a Rails application, and what is session fixation?
  • Explain the concept of filtering and how you can use it in Rails controllers.
  • What is the purpose of response formats in Rails controllers, and how do you handle different formats?
  • Describe the difference between respond_to and respond_with in Rails controllers.

11. How can you optimize database queries and reduce the N+1 query problem in Rails controllers?

Optimizing database queries and addressing the N+1 query problem is crucial for improving the performance and efficiency of your Ruby on Rails applications. The N+1 query problem occurs when you fetch a collection of records and then subsequently make an additional database query for each record to retrieve associated data.

This can lead to a large number of database queries and result in poor performance. To optimize database queries and reduce the N+1 problem in Rails controllers, you can follow these best practices:

Use Eager Loading (Active Record Associations)

Eager loading allows you to retrieve associated data in a more efficient manner, reducing the N+1 problem. You can use methods like includes, joins, or preload when querying the database to specify which associations to load.

# Without Eager Loading (N+1 problem)
@posts = Post.all
@posts.each { |post| puts post.comments.count }

# With Eager Loading (No N+1 problem)
@posts = Post.includes(:comments)
@posts.each { |post| puts post.comments.count }

Select Only Necessary Fields

By default, Active Record queries retrieve all fields from the table. However, you can optimize your queries by selecting only the columns you need. This reduces the amount of data retrieved from the database, improving query performance.

# Select specific fields
@users =, :name)

Utilize Counter Caching

If you frequently need to count associated records (e.g., counting comments on a post), you can use counter caching. This involves adding a counter column to the parent model that keeps track of the number of associated records. This way, you can access the count without performing additional queries.

Use pluck for Specific Data Retrieval

The pluck method allows you to retrieve a specific attribute or a set of attributes from the database without loading entire objects. It's more efficient when you don't need the full object.

# Retrieve an array of specific attribute values
@user_ids = User.pluck(:id)


Utilize caching mechanisms like fragment caching and page caching to store and serve frequently accessed data from memory or storage, reducing the need for repeated database queries.


Implement pagination to limit the number of records fetched at a time. This can reduce the load on the database and improve query performance.

Database Indexing

Ensure that your database tables are appropriately indexed. Indexes can significantly speed up database queries by allowing the database to quickly locate the relevant data.

Benchmark and Profile

Use tools like Rails built-in query logging or external profiling tools to identify and analyze slow database queries in your application. This will help you pinpoint the areas that need optimization.

Database Query Analysis

Regularly analyze your database queries using tools like the Bullet gem or the database-specific query analyzer (e.g., EXPLAIN in PostgreSQL) to identify potential performance bottlenecks.

Caching Strategies

Consider implementing caching strategies, such as fragment caching or caching at the application layer (e.g., Redis or Memcached), for frequently accessed data.

12. How do you manage sessions in a Rails application, and what is session fixation?

Sessions are used to store and manage user-specific data between HTTP requests. Sessions are a fundamental part of web application development, as they allow you to maintain state and authentication information across multiple requests. Rails provides a straightforward way to work with sessions using its built-in session management system.


Rails uses cookies to store session data by default. You can configure session settings in the config/application.rb or an environment-specific configuration file (e.g., config/environments/development.rb or config/environments/production.rb). You can set various options like the session store, cookie name, and more.

Example configuration in config/application.rb:

config.session_store :cookie_store, key: '_my_app_session'

Accessing Session Data: You can access the session data in your controller and view like a regular Ruby hash.

# Setting a session variable
session[:user_id] = 123

# Accessing a session variable
user_id = session[:user_id]

Session Store Options: Rails supports various session stores, such as cookies, databases, or external stores like Redis. You can choose the appropriate session store based on your application’s needs and configuration. To use a different session store, you can configure it in the config/application.rb file.

Session Expiry: By default, Rails sessions are persistent cookies that last until the browser is closed. You can configure session expiry by setting the expire_after option in your configuration to specify a time duration.

config.session_store :cookie_store, key: '_my_app_session', expire_after: 1.hour

Now, let’s talk about session fixation

Session fixation is a security vulnerability that occurs when an attacker can set a user’s session identifier to a known value. This could be exploited to impersonate a legitimate user, as the attacker knows the session identifier. Here’s how session fixation works:

The attacker obtains a session ID: The attacker tricks the user into using a session ID controlled by the attacker (e.g., by sending a link with a predetermined session ID).

User logs in: The user logs in using the session ID provided by the attacker.

Attacker gains access: Since the attacker knows the session ID, they can now access the user’s session and potentially perform actions on the user’s behalf.

To prevent session fixation attacks in a Rails application, you can follow these best practices:

Use a new session: When a user logs in, create a new session and invalidate the old one, ensuring that the session ID is regenerated.

Rotate session IDs: Periodically rotate session IDs, such as when the user changes authentication status (e.g., logs in or logs out).

Secure session management: Always use secure session management practices and ensure that your session data and tokens are properly protected from attacks.

13. Explain the concept of filtering and how you can use it in Rails controllers

Filtering refers to the process of intercepting and processing requests before or after they reach a controller’s action method. Filters allow you to perform actions such as authentication, authorization, input validation, or any other pre- or post-processing tasks on a per-controller basis. Rails provides a variety of filters that can be applied to controllers to add functionality and enhance the request/response cycle.


These filters run before the controller action is executed. They are commonly used for tasks like authentication, authorization, or setting up instance variables. You can specify before_action in the controller class to apply to all actions or for specific actions only.

class UsersController < ApplicationController
before_action :authenticate_user, except: [:index, :show]

# Your controller actions go here


These filters run after the controller action is executed but before the response is sent to the client. They are used for tasks like logging or modifying the response. You can use after_action in a similar way to before_action.

class PostsController < ApplicationController
after_action :log_request

# Your controller actions go here


This filter allows you to wrap the entire action execution. You can run code before and after the action, effectively controlling how the action is executed.

class AdminController < ApplicationController
around_action :check_admin

# Your controller actions go here

Conditional Filters

You can use conditional logic to determine when filters should be applied. For example, you can use the if and unless options to conditionally apply a filter based on certain conditions.

class ApplicationController < ActionController::Base
before_action :check_age, if: :logged_in?


def logged_in?
# Your authentication logic here

Skip Filters

You can skip filters for specific controller actions using the skip_before_action, skip_after_action, and skip_around_action methods. This is useful when you want to exclude certain actions from the filter.

class UsersController < ApplicationController
skip_before_action :authenticate_user, only: [:index, :show]

# Your controller actions go here

Filters are a powerful tool for adding cross-cutting concerns to your application, improving maintainability, and keeping your code DRY (Don’t Repeat Yourself). They help you encapsulate common functionality in a reusable and organized way, making your controllers cleaner and more focused on their core responsibilities.

Additionally, filters are instrumental for handling concerns like authentication, authorization, logging, and other request/response processing tasks in your Rails application.

14. What is the purpose of response formats in Rails controllers, and how do you handle different formats?

Response formats in Ruby on Rails controllers serve the purpose of delivering different types of responses (e.g., HTML, JSON, XML, etc.) for the same action based on the client’s request. Rails controllers are designed to handle a variety of formats to support both web browsers and other types of clients (e.g., mobile apps or APIs). The choice of response format is often determined by the client’s Accept header in the HTTP request.

Determine the Request Format

Rails automatically detects the requested format based on the Accept header sent by the client. This header specifies the desired response format, such as HTML, JSON, XML, or others. You can access the request format using request.format. In a controller action:

def show
if request.format.html?
# HTML response handling
elsif request.format.json?
# JSON response handling
elsif request.format.xml?
# XML response handling
# Add more format checks as needed

Render Different Response Formats

You can render different response formats by specifying the format in the render method:

def show
@item = Item.find(params[:id])
respond_to do |format|
format.html # Renders an HTML template (default)
format.json { render json: @item }
format.xml { render xml: @item }

In the example above, the respond_to block specifies how to render different formats. For HTML, Rails will render the default view template. For JSON and XML, it will render JSON and XML representations of the @item object.

Implicit Format Handling

Rails also provide implicit rendering for different formats. If you have view templates or views with the same name as the action for a specific format (e.g., show.html.erb or show.json.jbuilder), Rails will automatically use these templates based on the request format. If the request format is JSON, Rails will automatically render show.json.jbuilder.

Customizing Response Formats

You can define custom formats in your application by specifying the format and MIME type mappings in your config/initializers/mime_types.rb file.

Mime::Type.register "application/pdf", :pdf

After defining a custom format, you can use it in your controller actions as you would with any other format.

Handling Unsupported Formats

If a client requests a format that your application doesn’t support, Rails will raise an ActionController::UnknownFormat exception. You can handle this by providing a custom error response or redirection.

By handling different response formats, Rails allows you to create versatile web applications that can serve both web browsers and other types of clients, such as mobile apps or APIs, with the appropriate data representation. This flexibility is valuable when building modern web applications that need to support multiple client types and communication standards.

15. Describe the difference between respond_to and respond_with in Rails controllers


respond_to is a method used in Rails controllers to specify how to respond to different request formats (e.g., HTML, JSON, XML). It allows you to define different response blocks for various formats within a single action method. You explicitly declare how you want to handle each format, specifying what to render or how to respond.

def show
@item = Item.find(params[:id])
respond_to do |format|
format.html # Render HTML template (default)
format.json { render json: @item }
format.xml { render xml: @item }

In the above code, for an HTML request, Rails will render the default view template. For JSON and XML requests, it will render JSON and XML representations of the @item object.

respond_to provides fine-grained control over how each format is handled within the same action.


respond_with is a higher-level method that simplifies the handling of different response formats by automatically generating responses based on the request format and the action. It's part of the Responders gem, which is not included by default in a Rails application. You need to add the gem to your Gemfile and install it.

With respond_with, you define the supported formats at the class level, and the method generates appropriate responses based on the request. You don't need to specify each format's response individually within the action.

class ItemsController < ApplicationController
respond_to :html, :json, :xml

def show
@item = Item.find(params[:id])

In this example, you declare the supported formats at the controller level with respond_to, and then, in the show action, you simply call respond_with(@item), and Rails will automatically generate the appropriate response based on the request format.

While respond_with simplifies your controller code, it requires additional setup and the use of the Responders gem.

I appreciate you taking the time to read this. Please follow me on Medium and subscribe to receive access to exclusive content in order to keep in touch and continue the discussion. Happy Reading..!




Consultant | Freelancer | Ruby on Rails | ReactJS