I have a really special login feature in my app, so instead of plugins

Question

0

Editorial Team

Asked: May 27, 20262026-05-27T16:47:57+00:00 2026-05-27T16:47:57+00:00

I have a really special login feature in my app, so instead of plugins

0

I have a really special login feature in my app, so instead of plugins I use my own code.

In my controller I have something like

def login
  ...
  session[:customer_id] = id
end

I use CookieStore (as default). So is it secure? What if somebody edit cookies? Can he impersonates somebody with another id?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T16:47:57+00:00

A message digest is included with the cookie to ensure data integrity: a user cannot alter his user_id without knowing the secret key included in the hash. New apps are generated with a pregenerated secret in config/environment.rb. Set your own for old apps you‘re upgrading.

See http://api.rubyonrails.org/v2.3.8/classes/ActionController/Session/CookieStore.html. Please also pay attention to this sentence :

If you have more than 4K of session data or don‘t want your data to be visible to the user, pick another session store.

In your situation, it certainly doesn’t matter and you can use CookieStore without fear.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a really special login feature in my app, so instead of plugins

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply