I originally used basic HTTP authentication to authenticate the user with the following guide:
http://jessehowarth.com/2011/04/27/ajax-login-with-devise
I was able to successfully authenticate the user, but the session remained on forever. I could not destroy the user session. In fact, when I added the user_signed_in? Devise method to my create method, it would always return true, even after logging out via JSON. Therefore, I came to the conclusion that it is not possible to end the session using basic HTTP authentication. All you really can do is check if the user has already been signed up and send the status code as JSON back to the client.
So I tried the authentication token route, which allows you to create a session with an authentication token and then destroy the session by deleting this authentication token, so that the user has to log in again to access pages that require authentication, as shown in this post:
Development and authentication with CURL!
The disadvantage of this is that you have this very long line that you have to enter for every page that requires authentication, which seems a bit undesirable. I'm sorry that there wasn't a best of both worlds where you can log in and log out, like in a web browser.
I'm not sure that everything I'm saying is accurate, but it looks like this post:
http authentication in development and rails 3
In this post, he says that the authentication token is "more secure than basic HTTP authentication because the key may expire." I assume this means that with basic authentication, once you log in you are logged in forever, while the authentication token can expire and force the user to log back in. Is this an accurate interpretation?
Thanks for the answer.
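The difference the question asks about, as an added example that is not part of the original post and not Devise's own code: with Basic authentication the client resends the credentials on every request, so the server holds no state it could destroy, whereas a token is server-side state that can expire or be deleted. `TokenStore` and its method names are hypothetical, and the store is in-memory only.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory token store illustrating sign-in, expiry and sign-out.
class TokenStore
  def initialize(ttl:)
    @ttl = ttl     # token lifetime in seconds
    @tokens = {}   # SHA-256(token) => { user:, expires_at: }
  end

  # Sign-in: hand the client a random token; keep only its digest server-side,
  # so a leaked copy of the store does not reveal usable tokens.
  def issue(user, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @tokens[digest(token)] = { user: user, expires_at: now + @ttl }
    token
  end

  # Per-request check: returns the user, or nil if the token is unknown,
  # revoked or expired. Expired entries are purged on sight.
  def authenticate(token, now: Time.now)
    key = digest(token.to_s)
    entry = @tokens[key]
    return nil unless entry
    if now >= entry[:expires_at]
      @tokens.delete(key)
      return nil
    end
    entry[:user]
  end

  # Sign-out: deleting the server-side record invalidates the token at once.
  # Returns true if a token was actually revoked.
  def revoke(token)
    !@tokens.delete(digest(token.to_s)).nil?
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

A client that keeps sending a revoked or expired token is rejected, which is the "log out" behaviour that resent Basic credentials cannot give you.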