
Remember me functionality in Ruby on Rails

Introduction

The "Remember me" feature helps users stay logged in even after closing the browser. It makes returning to a website easier without typing the password again.

Typical situations for offering it:
When users want to stay logged in on their personal device.
For websites where frequent login is annoying, like social media or email.
To improve user experience by reducing login steps.
When users prefer convenience over security on trusted devices.
Syntax
Ruby on Rails
class User < ApplicationRecord
  attr_accessor :remember_token

  # Generates a new token
  def self.new_token
    SecureRandom.urlsafe_base64
  end

  # Saves a hashed token to the database
  def remember
    self.remember_token = User.new_token
    update_attribute(:remember_digest, BCrypt::Password.create(remember_token))
  end

  # Checks if token matches digest
  def authenticated?(token)
    return false if remember_digest.nil?
    BCrypt::Password.new(remember_digest).is_password?(token)
  end

  # Forgets the user
  def forget
    update_attribute(:remember_digest, nil)
  end
end

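The remember_token is a virtual attribute (attr_accessor): the raw token lives only on the in-memory model object and is never written to the database.

The remember_digest is the BCrypt hash of that token and is the only form saved in the database.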

Examples
This method creates a token and stores its hashed version in the database.
Ruby on Rails
user.remember
# Generates token and saves digest
Stores user ID and token in cookies to keep user logged in.
Ruby on Rails
cookies.permanent.signed[:user_id] = user.id
cookies.permanent[:remember_token] = user.remember_token
Retrieves the current user by checking cookies and verifying the token.
Ruby on Rails
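def current_user
  # cookies.signed returns nil if the signed user_id cookie was altered
  if (user_id = cookies.signed[:user_id])
    user = User.find_by(id: user_id)
    # Compare the raw token from the cookie against the stored digest
    if user&.authenticated?(cookies[:remember_token])
      @current_user = user
    end
  end
end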
Sample Program

This example shows how to create a remember token, save its digest, and verify it. It prints the token and checks authentication with correct and wrong tokens.

Ruby on Rails
class User < ApplicationRecord
  attr_accessor :remember_token

  def self.new_token
    SecureRandom.urlsafe_base64
  end

  def remember
    self.remember_token = User.new_token
    update_attribute(:remember_digest, BCrypt::Password.create(remember_token))
  end

  def authenticated?(token)
    return false if remember_digest.nil?
    BCrypt::Password.new(remember_digest).is_password?(token)
  end

  def forget
    update_attribute(:remember_digest, nil)
  end
end

# Simulate user login and remember me
user = User.new
user.remember
puts "Remember token: #{user.remember_token}"
puts "Authenticated with correct token: #{user.authenticated?(user.remember_token)}"
puts "Authenticated with wrong token: #{user.authenticated?("wrongtoken")}"
Important Notes

Always store only hashed tokens in the database for security.

Use secure, signed cookies to prevent tampering.

Remember to clear the token on logout to protect user accounts.
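
The three notes above can be checked without a Rails app. This is an added example, not code from the original page: DemoUser, sign, verify and secure_eq? are hypothetical stand-ins, an HMAC replaces Rails' signed cookie jar, and SHA-256 replaces BCrypt so that it runs on the standard library alone.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Constructed stand-in for the application secret that signs cookies.
SECRET = SecureRandom.bytes(32)

# Constant-time comparison, so timing does not reveal where strings differ.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified signed cookie: "value--HMAC(value)". Not Rails' actual format.
def sign(value)
  "#{value}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, value.to_s)}"
end

# Returns the signed value, or nil when the cookie is missing or altered.
def verify(cookie)
  value, sep, sig = cookie.to_s.rpartition("--")
  return nil if sep.empty?
  secure_eq?(sig, OpenSSL::HMAC.hexdigest("SHA256", SECRET, value)) ? value : nil
end

# Hypothetical in-memory user; SHA-256 stands in for the page's BCrypt digest.
class DemoUser
  attr_reader :id, :remember_digest
  def initialize(id); @id = id; end

  def remember # returns the raw token for the cookie; only its digest is kept
    token = SecureRandom.urlsafe_base64
    @remember_digest = Digest::SHA256.hexdigest(token)
    token
  end

  def authenticated?(token)
    return false if remember_digest.nil? || token.nil?
    secure_eq?(Digest::SHA256.hexdigest(token), remember_digest)
  end

  def forget; @remember_digest = nil; end
end

# Same order of checks as the page's current_user.
def current_user(cookies, users)
  id = verify(cookies[:user_id])
  user = id && users[id.to_i]
  user if user&.authenticated?(cookies[:remember_token])
end
```

current_user returns nil when the remember_token cookie holds a copied remember_digest instead of the raw token, when the user_id value no longer matches its signature, and for any old cookie once forget has run.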

Summary

"Remember me" keeps users logged in by storing a secure token.

Tokens are hashed before saving to protect user data.

Cookies store the token and user ID to identify returning users.