Session Authentication

We're going to implement session authentication from scratch.

If you're already familiar with this, you can skip this section.

terminal
rails new rails-session-auth-scratch

*If an attacker steals the cookie from the client (via CSRF or XSS), they can only use that cookie for "GET" actions, because of the CSRF token.

https://medium.com/rubyinside/a-deep-dive-into-csrf-protection-in-rails-19fa0a42c0ef
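
The check that the note above relies on, as an added sketch in plain Ruby (not code from the original page or from Rails itself): a per-session secret is handed out in masked form and must come back on every non-GET request. The `session` hash, the function names and the 32-byte token length are assumptions made for this illustration.

```ruby
require "securerandom"
require "base64"

TOKEN_LENGTH = 32 # bytes; assumed value for this sketch

# Per-session secret, created on first use and kept in the session.
def real_csrf_token(session)
  session[:_csrf_token] ||= SecureRandom.random_bytes(TOKEN_LENGTH)
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Token embedded in forms: one-time pad + (pad XOR secret), so the
# value differs on every render while still proving knowledge of the secret.
def masked_token(session)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.urlsafe_encode64(pad + xor_bytes(pad, real_csrf_token(session)))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def valid_token?(session, submitted)
  return false unless submitted.is_a?(String) && session[:_csrf_token]
  raw = Base64.urlsafe_decode64(submitted)
  return false unless raw.bytesize == TOKEN_LENGTH * 2
  pad = raw[0, TOKEN_LENGTH]
  masked = raw[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_compare(xor_bytes(pad, masked), session[:_csrf_token])
rescue ArgumentError # malformed Base64 is treated as an invalid token
  false
end

# GET and HEAD pass without a token; every other verb needs a valid one.
def verified_request?(session, verb, submitted_token = nil)
  %w[GET HEAD].include?(verb.upcase) || valid_token?(session, submitted_token)
end
```

Because only GET and HEAD skip the token check, this protection holds only if GET actions never change state.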
