I am building an authentication system for my project.
What is the recommended approach to store session information (I am just storing the user’s id nothing else):
- Cookie Store
- Active Record Store
Also, what are the security concerns for using nested forms and accepts_nested_attributes_for?
Please advise.
Thanks a lot in advance.
Rails defaults to cookie storage, so that’s probably the way to go. In general, cookie store is great, especially for high-traffic sites. You just shouldn’t store any mission-critical things in the session (you say you’re only storing user ids, which is great).
As far as security concerns for using those… I don’t think there are too many? Check out Railscasts for a great tutorial on using those. Only thing that comes to mind is possibly using attr_accessible to limit the things you can mass-assign to. Also, CanCan is a great gem for authorization if you need it.
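
Added example, not part of the original thread and not Rails' own code: a plain-Ruby sketch of the signed-cookie idea behind a cookie session store, showing why the session should hold only an id. The secret, the `data--tag` layout and all function names are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Constructed secret for the demo; a real app loads its own from configuration.
SECRET = "constructed-demo-secret-not-for-production"

def digest_for(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Serialize the session as JSON, Base64-encode it, and append an HMAC tag.
def encode_session(session)
  data = [JSON.generate(session)].pack("m0")
  "#{data}--#{digest_for(data)}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash, or nil if the cookie is malformed or was modified.
def decode_session(cookie)
  data, tag = cookie.to_s.split("--", 2)
  return nil if data.nil? || tag.nil?
  return nil unless secure_compare(tag, digest_for(data))
  JSON.parse(data.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# What the browser holds: readable without the secret, so keep it to an id.
def client_view(cookie)
  JSON.parse(cookie.split("--", 2).first.unpack1("m0"))
end

if __FILE__ == $PROGRAM_NAME
  cookie = encode_session("user_id" => 42)
  p client_view(cookie)     # payload is visible to the client
  p decode_session(cookie)  # tag matches, session accepted
  altered = [JSON.generate("user_id" => 1)].pack("m0") + "--" + cookie.split("--", 2).last
  p decode_session(altered) # payload changed, tag no longer matches
end
```

Signing makes the cookie tamper-evident, not confidential, which is why anything sensitive belongs server-side (for example in the Active Record store) rather than in the cookie.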