I’m going to build an app which is using AJAX to load resources as json without reloading th page and it need authentication.

I’m already using Devise to handle sign up but for each ajax calls the server must ensure that the user is authenticated so I’m going to use token authenticable previded by Devise.

Now, on the tutorial I’ve read the authors suggest to create a “token” controller which after an user provide email and password the token is created or destroyed but since there aren’t going to be apis what about creating the token when the user login the normal way? (and destroying it on user logout?)

What do you think? Any suggestion/example?