Implementation of “Remember me” in a Rails application
Ankit Singh

Posted on    December-28-2014 11:34 PM

My Rails-app has a sign in box with a "remember me" checkbox. Users who check that box should remain logged in even after closing their browser. I'm keeping track of whether users are logged in by storing their id in the user's session.

But sessions are implemented in Rails as session cookies, which are not persistent. I can make them persistent:


    class ApplicationController < ActionController::Base
      # Run before every action
      before_filter :update_session_expiration_date

      private

      # Give the session cookie an expiry date (if none is set yet) so it
      # persists after the browser is closed
      def update_session_expiration_date
        options = ActionController::Base.session_options
        unless options[:session_expires]
          options[:session_expires] = 1.year.from_now
        end
      end
    end

But that seems like a hack, which is surprising for such common functionality. Is there a better way?



jayprakash sharma

Posted on    December-28-2014 11:55 PM

I have spent a while thinking about this and came to some conclusions. Rails session cookies are tamper-proof by default, so you really don't have to worry about a cookie being modified on the client end.

Here is what I've done:

- Session cookie is set to be long-lived (6 months or so)
- Inside the session store:
  - An 'expires on' date that is set to login + 24 hours
  - user id
  - Authenticated = true so I can allow for anonymous user sessions (not dangerous because of the cookie tamper protection)
- I add a before_filter in the Application Controller that checks the 'expires on' part of the session.

When the user checks the "Remember Me" box, I just set the session[:expireson] date to be login + 2 weeks. No one can steal the cookie and stay logged in forever or masquerade as another user because the rails session cookie is tamper-proof.
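
The scheme described in this reply, modelled in plain Ruby as an added example (not code from either poster or from Rails). The HMAC helper stands in for the tamper protection of the Rails session cookie; `SECRET`, `login` and `current_user_id` are hypothetical names, and the key is a constructed demo value.

```ruby
require "openssl"
require "json"

# Constructed demo key (assumption); a real app uses its configured secret.
SECRET = "constructed-demo-secret"
DAY = 24 * 60 * 60

def sign(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Serialize the session hash and append an HMAC, like a signed cookie store.
def encode_session(session)
  data = [JSON.generate(session)].pack("m0")
  "#{data}--#{sign(data)}"
end

# Return the session hash, or nil if the signature does not verify.
def decode_session(cookie)
  data, mac = cookie.to_s.split("--", 2)
  return nil if data.nil? || mac.nil?
  expected = sign(data)
  return nil unless mac.bytesize == expected.bytesize
  diff = 0
  mac.bytes.zip(expected.bytes) { |a, b| diff |= a ^ b } # constant-time compare
  return nil unless diff.zero?
  JSON.parse(data.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# Login: expires_on is login + 24 hours, or login + 2 weeks with "remember me".
def login(user_id, remember_me:, now: Time.now)
  lifetime = remember_me ? 14 * DAY : DAY
  encode_session("user_id" => user_id, "authenticated" => true,
                 "expires_on" => now.to_i + lifetime)
end

# The before_filter check: user id only if signed, authenticated and unexpired.
def current_user_id(cookie, now: Time.now)
  s = decode_session(cookie)
  return nil unless s && s["authenticated"] == true
  return nil if s["expires_on"].to_i <= now.to_i
  s["user_id"]
end
```

The server-side `expires_on` check is what bounds how long a copied cookie keeps working; the cookie's own expiry date is under the client's control.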
