Chapter 14. Users and Authentication
If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.
While sessions expand your application-building possibilities, almost any interactive application that will be around for a while needs to be able to keep track of users. You might be a little surprised to hear that, unlike many web frameworks, Rails itself doesn’t include any mechanisms for tracking users. That isn’t so much a failure as an opportunity for developers to create their own authentication approaches. There are many gems available for Rails that make authentication a snap to implement. However, writing code for your own authentication is not terribly difficult, so that is how we will approach authentication in this chapter. The code we will be using is based on an updated version of Ryan Bates’s “Authentication from Scratch” Railscast. This screencast was written for Rails 3, but watching it will give you a good sense of what the code is doing. Writing your own authentication gives you much more control over your code, and if you do use a gem, you may quickly find yourself overwriting or rewriting many parts of the code it provides.