To remember me

Question

To remember me

In my last project, I use https://github.com/hassox/rails_warden . It is very suitable for my needs, except that I cannot find a good way to implement remember_me. I know that it is known that it is difficult to get remember_me from a security point of view, so I hope that there will be a project that will carry out this work. Has anyone seen anything or got a good idea?

+5

ruby-on-rails ruby-on-rails-3 remember-me warden

opsb Dec 16 '10 at 14:49

source share

2 answers

,

 # User model must have remember_token attribute

 # in config.ru
 use Rack::Cookies
 run MyApp

  # in lib/strategies.rb
  Strategies.add(:cookie) do
    def valid?
      env['rack.cookies']['user.remember.token']      
    end

    def authenticate!
      if user = User.find_by_remember_token(cookies['user.remember.token'])
        success! user
      else
        fail! "Could not log in"
      end
    end
  end

  Manager.after_authentication :scope => :user do |user, auth, opts|
    auth.env['rack.cookies']['user.remember.token'] = user.generate_remember_token! # sets its remember_token attribute to some large random value and returns the value
  end

  Manager.before_logout :scoper => :user do |user, auth, opts|
    user.update_attribute :remember_token, nil
  end

+5

Macario 08 . '11 1:56

yfeldblum · Accepted Answer · 2010-12-16T15:05:35+0000

Devise , which is an authentication solution on top of Warden, is rememberable .

To remember me

More articles: