CODEWITHSUNDEEP
ruby-on-railsauthenticationcookies
Skyalchemist
Skyalchemist

Reputation: 461

Separate table for cookies?

I've just started Rails from a php background and I'm following this tutorial: http://ruby.railstutorial.org/chapters/sign-in-sign-out#top

At section 8.2.1- You have to add remember_token to the table users and the value of the token is placed in this field.

My question is, what if a user signs in on different computers. Since it updates the remember_token field the cookie sign in would be invalid for the previous computer(s) the user was signed in with. Doesn't it make sense to create a new table for cookies with: id, remember_token, created, user_agent_ip_address or is that over complicating things?

Upvotes: 1

Views: 62

Answers (2)

Tommy Adey
Tommy Adey

Reputation: 816

Assume the remember_token stored in the users table is a master key.
The browsers are like doors.
With a master key, you can open and close a door as you wish. Let's say you open doors A, B and C. You can choose to close door A while doors B and C remain open. That's how the remember_token works there.
You sign_in on different different browsers, then choose to sign out from some and remain signed in on the others. It doesn't mean when you sign out on a browser it automatically signs the rest out.
In the case where you want to give users access to see where(which computers) their session is currently active at(signed in) and also allow them to sign out of those computers, then a separate cookies table may be what you need.

Upvotes: 2

Benjamin Bouchet
Benjamin Bouchet

Reputation: 13181

Rails handle database session very well, read this chapter of the guide, it's pretty clear :)

http://guides.rubyonrails.org/action_controller_overview.html#session

Upvotes: 0

Related Questions