Forum: Ruby on Rails Remember Me login capability

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Shandy N. (Guest)
on 2008-12-12 21:46
I have a two part question.

First just wondering if anyone out there has any good Remember Me login
coding example or tutorials? I found one that is a couple years old and
it seems like if should work for a rails 2.0 application but I won't
know until I try.

Second, the code example that I did find and am intergrating has a
couple lines that are just confusing. In this example the user logins
and if the remember me check box is checked this bit of code is

# Controller code for login
cookies[:auth_token] = { :value => @session[:user].remember_token ,
:expires =>
  @session[:user].remember_token_expires }

Then, theoretically you close down the browser and the next time you
open it and navigate to my website you should be automatically logged

The issue that I have - and I think this is because I am not
understanding the ruby code - is, in the remember_me method of the User
model I have this bit of code:

self.remember_token = Digest::SHA1.hexdigest("#{salt}--#{}--#

and this bit of code in the ApplicationController

user = User.find_by_remember_token(cookies[:auth_token])

When I save the value for the remember_token I don't see how I am going
to be able to find that value in the database with the
find_by_remember_token because of the odd syntax used in the hexdigest

If the cookie has has a :value => '...' and a :expires => '...', how is
the find_by_remember_token going to work when the remember_token is
encrypted by saying
"#{salt}--#{}--#{self.remember_token_expires}"? It just
doesn't seem to me that the encrypted info and the cookie would be the
same in the end and that I would therefore not be able to find anything
by the User.find_by_remember_token.

Not sure if this makes sense, I just didn't want to get to far into this
project without fully understanding what is going on. Thanks,

Shockmeister (Guest)
on 2008-12-13 00:00
(Received via mailing list)
Theres a good example of the code you're looking for on the Railsspace
site. The URL is :

On Dec 12, 7:46 pm, Shandy N. <removed_email_address@domain.invalid>
Robert W. (Guest)
on 2008-12-13 00:41
Shockmeister wrote:
> Theres a good example of the code you're looking for on the Railsspace
> site. The URL is :
> On Dec 12, 7:46�pm, Shandy N. <removed_email_address@domain.invalid>
I'm pretty sure that
has that feature as well. You might look to see how it implements it.
This topic is locked and can not be replied to.