Type:
Class
MessageVerifier makes it easy to generate and verify messages
which are signed to prevent tampering.
This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn't suitable or available.
Remember Me:
1 | cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now]) |
In the authentication filter:
1 2 3 4 | id, time = @verifier.verify(cookies[:remember_me])if time < Time.now self.current_user = User.find(id)end |
By default it uses Marshal to serialize the message. If you want to use another serialization method, you can set the serializer in the options hash upon initialization:
1 | @verifier = ActiveSupport::MessageVerifier.new('s3Krit', serializer: YAML) |