This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn’t suitable or available.
cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])
In the authentication filter:
id, time = @verifier.verify(cookies[:remember_me]) if time < Time.now self.current_user = User.find(id) end
By default it uses Marshal to serialize the message. If you want to use another serialization method, you can set the serializer attribute to something that responds to dump and load, e.g.:
@verifier.serializer = YAML
In the authentication filter example above, the time condition should be reversed: we only want to find the user if time is still in the future (because it’s the valid-until time).
So the example should look like this:
One thing to note about the code above is that it could have a security issue. If the user changes his/her password, the authentication token should expire. Hence, in a production scenario you should put in the password salt or something to allow the token to become invalidated.