Authentication and remember me

26 Sep 2011, 1:14 AM

I have an app that uses authentication with Rails 3 and Devise.
Everything works the way it should, but I am having second thoughts on security.

Because the app is all loaded even if you haven't authenticated yet, with a normal browser and console you can basically open the forms if you look at the source code.
I could divide the app in two, and just have a login screen and upon login it would open another page, which has the Sencha app JS, but I don't like the waiting around for the other app to load.

Another thing is the remember me button. When Rails detects the user is already logged in, there is a piece of JavaScript that sets the activepage to the dashboard. Is this the correct way?


Manuel Pedro