Session Authentication

We're going to implement session authentication from scratch.

If you're familiar with this, you can skip.

terminal

rails new rails-session-auth-scratch

*If you steal cookie from client (csrf or xss), hacker only use that cookie for "GET" action. because of the csrf token.

Last updated 6 years ago

We're going to implement session authentication from scratch.

If you're familiar with this, you can skip.

terminal

rails new rails-session-auth-scratch

*If you steal cookie from client (csrf or xss), hacker only use that cookie for "GET" action. because of the csrf token.