Chapter 14. Users and Authentication
If you think technology can solve your security problems, then you donât understand the problems and you donât understand the technology.
Bruce Schneier
While sessions expand your application-building possibilities, almost any interactive application that will be around for a while needs to be able to keep track of users. You might be a little surprised to hear that Rails itself doesnât include any mechanisms for tracking users, unlike many web frameworks. That isnât so much a failure as an opportunity for developers to create their own authentication approaches. There are many gems available for Rails that make authentication a snap to implement. However, writing code for your own authentication is not terribly difficult, so that is how we will approach authentication in this chapter. The code we will be using is based on an updated version of Ryan Batesâs âAuthentication from Scratchâ Railscast. This screencast was written for Rails 3, but watching it will give you a good sense of what the code is doing. Writing your own authentication gives you much more control over your code, and if you do use a gem you may find yourself quickly overwriting or rewriting many parts of the code provided by the gem.
Get Learning Rails 5 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
