Forum: Ruby on Rails modern day auth

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Matt H. (Guest)
on 2009-05-22 23:32
(Received via mailing list)
It's been quite a while since I last rolled out a rails app, and now I
have to start on another. I'm wondering what is the currently accepted
method for implementing authentication and authorisation.

My last apps used a fairly well modified version of
restful_authentication, which as I remember was a right PITA to install
into a new application. It mainly consisted of several hours of copying
and pasting from existing apps (installing it from scratch was even
slower due to my modifications).

Has anyone got any advice for making my life a little easier? I don't
have any wild requirements:

* Session based login/logout with forms
* Ability for users to reset passwords with email tickets
* Possibility to switch between admin-only or open registration (with
         email confirmations)
* Maybe a nice management interface

All that was implemented with my modified restful_auth, but as I keep
moaning, it took far too long to redo for each app.

Any tips greatly appreciated.

Py J. (Guest)
on 2009-05-23 00:08
Check Authlogic ( But I advise you to
take a very good look at the code and docs because it makes a lot
of trade-offs in order to make it a "plug-and-play" gem instead of
a generator.
This topic is locked and can not be replied to.