by sellingwebsite 2488 days ago
It works great if you won't deviate from the common use case. Otherwise, you have to do all sorts of crazy monkey patching. On top of that, it is a relatively old project that has to keep legacy code for backwards compatibility.

I decided to roll my own auth, but was very cognizant of the risks of going down this route. I used primitives provided by Rails (has_secure_password, has_secure_token) and made sure that my implementation is not susceptible to known exploits, such as session fixation attacks: https://guides.rubyonrails.org/security.html#session-fixatio...

1 comments

> It works great if you won't deviate from the common use case

What have you needed to do that isn’t well supported by Devise?