Forum: Ruby on Rails Give a user the option to stay logged in.

John Kopanas (Guest)
on 2008-11-04 15:54
(Received via mailing list)
I thought this would be so straightforward but it does not seem to be.
I want to give users the option when they log in to check a checkbox that
will leave them logged in but I cannot seem to figure out how.

On top of that I am trying to figure out if it matters what session store
I am using.  Right now I am using active record but I am looking to move
over to memcache.  Does it depend on session store?

I would really appreciate any input I can get on this subject!

--
John Kopanas
john@kopanas.com

Blog: http://www.kopanas.com
Conference: http://www.cusec.net
Twits: http://www.twitter.com/kopanas
Frederick Cheung (Guest)
on 2008-11-04 16:53
(Received via mailing list)
On 4 Nov 2008, at 14:53, John Kopanas wrote:

> I thought this would be so straightforward but it does not seem to
> be.
>
> I want to give users the option when they log in to check a checkbox
> that will leave them logged in but I cannot seem to figure out how.
>
> On top of that I am trying to figure out if it matters what session
> store I am using.  Right now I am using active record but I am
> looking to move over to memcache.  Does it depend on session store?

It doesn't (since the whole point is that you want something that will
outlast the session). Typically one stores a cookie with some sort of
token. Restful authentication does this; you could have a look at the
code in there.


Fred
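
The cookie-token approach described in the reply above, as an added example that is not part of the thread and is not Restful authentication's code. `RememberStore` and its method names are hypothetical, the in-memory hash stands in for two columns on a users table, and the 14-day lifetime is a constructed value.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for users.remember_digest / users.remember_expires_at.
# It is independent of the session store, which is why the store choice
# (ActiveRecord, memcache) does not matter for this feature.
class RememberStore
  LIFETIME = 14 * 24 * 60 * 60 # seconds; constructed value

  def initialize
    @rows = {} # user_id => { digest:, expires_at: }
  end

  # Called at login only when the user ticked the (opt-in) checkbox.
  # Returns the cookie value; the server keeps only a digest of the token,
  # so a leaked table does not yield usable cookies.
  def issue(user_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @rows[user_id] = { digest: Digest::SHA256.hexdigest(token),
                       expires_at: now + LIFETIME }
    "#{user_id}:#{token}"
  end

  # Called when a request has no live session but carries the cookie.
  # Returns [user_id, fresh_cookie] on success, nil otherwise.
  def redeem(cookie, now: Time.now)
    user_id, token = cookie.to_s.split(":", 2)
    row = @rows[user_id.to_i]
    return nil if row.nil? || token.nil? || now > row[:expires_at]
    return nil unless secure_eq(row[:digest], Digest::SHA256.hexdigest(token))
    [user_id.to_i, issue(user_id.to_i, now: now)] # rotate: old token is dead
  end

  # Called at logout so a copied cookie stops working.
  def revoke(user_id)
    @rows.delete(user_id)
  end

  private

  # Constant-time comparison of two hex digests.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails controller the string returned by `issue` would be written to a cookie with `httponly: true` and `secure: true` and an `expires` matching the server-side lifetime.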
Robert Walker (robert4723)
on 2008-11-04 17:57
> I want to give users the option when they log in to check a checkbox that
> will leave them logged in but I cannot seem to figure out how.

One note on this: Be aware that by doing this you are leaving your users
more exposed to click-jacking attacks. I, personally, hate when this
option is presented as an opt-out. It's fine to present the option, but
I recommend making it opt-in not opt-out. I also use an external
password manager and never use the built-in autofill features provided
by most modern browsers (I am using 1Password on my Mac for this, which
I highly recommend to any Mac users out there). I enter my 1Password
into a popup dialog, and not the actual username and password of the
actual site, protecting me from any click-jacking attacks.
