Chapter 14. Users and Authentication

While sessions expand your application-building possibilities, almost any interactive application that will be around for a while needs to be able to keep track of users. You might be a little startled to hear that Rails itself doesn’t include any mechanisms for tracking users, unlike most current web frameworks. That isn’t so much a failure as an opportunity for developers to create their own authentication approaches. When getting started, however, it’s probably wisest to work with the commonly used restful_authentication plug-in. (The code for this example is available in ch14/students007.)


Note that the restful_authentication plug-in is based on the older acts_as_authenticated plug-in. Many applications use, and much documentation describes, acts_as_authenticated, which has similar data structures but doesn’t operate in a RESTful way.


Authentication is a complicated enough project that it’s worth fitting into a more sophisticated application, like the students and courses example. The first step toward adding authentication to it is to install the restful_authentication plug-in. From the application directory, enter:

$ script/plugin install http://svn.techno-

In Heroku, you’ll want to use the Gems & Plugins link under the vendor folder in the editor. In addition to the usual list of files being added, this installer reports some documentation and security issues. ...
