I was trying to create a website with many users and each user is
entitled to view their account. How should I start? Cookies? Or
unique sessions? Any leads or tips on making a professional site would
be nice. Any roadblocks to consider? Thanks for your help.
typically once you are happy that the user is who they claim to be,
you do something like session[:user_id] = @user.id
Then on subsequent approaches you can do User.find(session[:user_id])
to get the logged in user. Often one uses a before_filter to restrict
access to the appropriate pages. There is a plugin
(acts_as_authenticated) that does most of this for you.