Rolling my first heroku app and am currently working on user authentication. (As well as authentication... for example user 1 cant access user 3's stuff).
Is it easier just to roll my own scaffolded authentication? Or use something like devise? I can do the standard salted password authentication, store the user id in the session, and then pull from the database in controllers but is that secure? Would devise be better in the long run?
Thanks for the advice:)
Devise is highly recommended, I think it would save much of your time and it currently do all the magic you need involving the session with a good security.
If you want to take on the challenge (which isn't really that big), I strongly suggest that you roll your own system. Having previously used both Authlogic and Devise I've come to the conclusion, that building your own has more advantages in the long run:
If you decide to roll your own, Ryan Bates has created an excellent screen cast on just that. Also, don't forget to test it!
Go with Devise unless you have a solid understanding of how to make a decent authentication system, AND you have a good reason to not use Devise.
And if you do roll your own, make sure you use bcrypt .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.