"Rails by Example" authentication implementation
In Michael Hartl's book, the following code is used to implement authentication:

    module SessionsHelper

      def sign_in(user)
        cookies.permanent.signed[:remember_token] = [user.id, user.salt] # permanent
        # -alternatively-
        # cookies.signed[:remember_token] = {
        #   :value   => [user.id, user.salt],
        #   :expires => some_time.from_now
        # }
        # self. is required: a bare "current_user = user" only sets a local variable
        self.current_user = user
      end

      def current_user=(user)
        @current_user = user
      end

      def current_user
        @current_user ||= user_from_remember_token
      end

      private

        def user_from_remember_token
          # Passes an array of length two as a parameter: the first slot contains
          # the id, the second contains the salt for encryption.
          User.authenticate_with_salt(*remember_token)
        end

        def remember_token
          # Ensures the return of a double array in the event that
          # cookies.signed[:remember_token] is nil.
          cookies.signed[:remember_token] || [nil, nil]
        end
    end
It does its job well: you can either log in for an infinite amount of time, or for a limited period of time if you wish. But it has a downside: the cookies are stored on the client and don't go away if the browser is closed.

Now I was wondering, since Rails sessions are destroyed after the browser is closed, how would I combine them and the cookies presented here to implement authentication with the following characteristics:

-- if a user logs in, the info should be stored in a session, and after the user closes the browser they are logged off

-- if a user logs in with the 'remember me' checkbox selected, the info should be stored in a cookie with a long expiration date

What would be your take on this that remains secure and simple? I googled on the web and found nothing recent enough (Rails 3) to guide me in the right direction. I was thinking of creating 2 separate modules for sessions and cookies and firing the respective sign_in methods in the controller depending on whether the remember_me param is present or not, but that would seem like a lot of duplication.

PS: I am not looking for authentication gems that provide this functionality; I'd prefer to implement it on my own.

Thanks
ruby-on-rails ruby-on-rails-3 session authentication cookies
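
An added example, not part of the original post and not Rails or book code: one sign_in covers both cases in the question, because a cookie written without an expiry is discarded when the browser closes, so only the expiry has to differ. DemoJar, its secret, the JSON payload encoding and the 20-year lifetime are assumptions standing in for a signed cookie jar, so the sketch runs without Rails.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed stand-in for a signed cookie jar (an assumption, not Rails code).
class DemoJar
  SECRET = 'constructed-demo-secret' # placeholder for the application's secret
  attr_reader :store

  def initialize
    @store = {}
  end

  # Stores "payload--hmac"; :expires => nil models a browser-session cookie.
  def write(name, value, expires = nil)
    data = Base64.strict_encode64(JSON.generate(value))
    @store[name] = { :value => "#{data}--#{mac(data)}",
                     :expires => expires, :httponly => true }
  end

  # Returns the decoded value, or nil if the cookie is missing or was altered.
  def read(name)
    data, tag = @store.fetch(name, {})[:value].to_s.split('--', 2)
    return nil unless data && tag && same?(tag, mac(data))
    JSON.parse(Base64.strict_decode64(data))
  end

  private

  def mac(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, data)
  end

  # Constant-time comparison, so the check does not leak how many bytes matched.
  def same?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

TWENTY_YEARS = 20 * 365 * 24 * 60 * 60 # assumed "permanent" lifetime

# Single sign_in for both cases: remember_me only decides the expiry.
def sign_in(jar, user_id, salt, remember_me)
  jar.write(:remember_token, [user_id, salt],
            remember_me ? Time.now + TWENTY_YEARS : nil)
end

# Same nil-safe shape as remember_token in the helper above.
def token_from(jar)
  jar.read(:remember_token) || [nil, nil]
end
```

In a Rails controller the same branch would choose between `cookies.signed[:remember_token] = ...` and `cookies.permanent.signed[:remember_token] = ...`, the two forms already shown in the question.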