
A more secure remember token

Jul 1, 2013 • posted by Michael Hartl

I recently received a helpful email from reader Yuri Krichevsky pointing out a way to improve the security of the “remember me” tokens used in the Ruby on Rails Tutorial book. Since I’m gearing up to release the Rails 4.0–compatible version, I decided to go ahead and implement the more secure method. The result appears starting in Section 8.2.1 of the new version, with the corresponding sample app code available on GitHub. I’ve edited it carefully, but there were a lot of little changes, so it’s possible some errors slipped through. If you get the chance, please take a look at it and let me know if it works as advertised.
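The post does not spell out what the more secure method is. The usual hardening for "remember me" tokens, and the one assumed in the added example below (which is not the book's sample app code), is to keep the raw random token only in the browser cookie and store a one-way digest of it in the database, so that someone who reads the users table cannot turn the stored values into cookies that log in. The `User` class and `RememberToken` module here are a framework-free stand-in for the Rails model, and SHA-256 is used as the digest function purely for illustration.

```ruby
require 'securerandom'
require 'digest'

# Added example (not from the Rails Tutorial): the database row stores only a
# digest of the remember token; the raw token lives in the browser cookie.
module RememberToken
  # Random, URL-safe token placed in the cookie; it is never stored as-is.
  def self.new_token
    SecureRandom.urlsafe_base64
  end

  # One-way digest kept in the database. SHA-256 is an illustrative choice.
  def self.digest(token)
    Digest::SHA256.hexdigest(token.to_s)
  end

  # Constant-time comparison of two hex digests, so a mismatch takes the same
  # time regardless of where the first differing byte is.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    res = 0
    a.bytes.zip(b.bytes) { |x, y| res |= x ^ y }
    res.zero?
  end
end

# Constructed in-memory stand-in for the users table (assumption: one active
# remember token per user, as in a single-column remember_digest design).
class User
  attr_reader :email, :remember_digest

  def initialize(email)
    @email = email
    @remember_digest = nil
  end

  # Login with "remember me": persist only the digest, return the raw token
  # for the controller to put in a permanent (signed) cookie.
  def remember
    token = RememberToken.new_token
    @remember_digest = RememberToken.digest(token)
    token
  end

  # Logout: clearing the digest invalidates every existing remember cookie.
  def forget
    @remember_digest = nil
  end

  # Per-request check of the cookie value against the stored digest.
  def authenticated?(token)
    return false if remember_digest.nil? || token.nil?
    RememberToken.secure_compare(RememberToken.digest(token), remember_digest)
  end
end

if __FILE__ == $PROGRAM_NAME
  user = User.new('alice@example.com') # constructed sample user
  cookie = user.remember
  puts "cookie token:  #{cookie}"
  puts "stored digest: #{user.remember_digest}"
  puts "cookie logs in?        #{user.authenticated?(cookie)}"
  puts "stored digest logs in? #{user.authenticated?(user.remember_digest)}"
  user.forget
  puts "after logout, cookie logs in? #{user.authenticated?(cookie)}"
end
```

The check worth noticing is the second `puts`: presenting the value that sits in the database as if it were the cookie fails, because the lookup digests the presented value again before comparing. A leaked `remember_digest` column therefore does not grant sessions, which is the whole point of the change.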

Michael Hartl

I’m Michael Hartl—author, educator, and entrepreneur. I’m probably best known as the creator of the Ruby on Rails Tutorial, a book and screencast series that together constitute one of the leading introductions to web development. Once called his “favorite book” by Wikipedia founder Jimmy Wales, the Ruby on Rails Tutorial currently has over 150 5-star reviews at Amazon. I’m also (in)famous for creating Tau Day and The Tau Manifesto, which have inspired an international movement dedicated to the proposition that “pi is wrong.” (For example, as a result of The Tau Manifesto, MIT releases their admissions decisions each year at “Tau Time” (6:28 p.m.), and typing tau/2 at Google yields 3.14159…) Finally, I’m a founder of Softcover, a publishing system and sales platform for technical authors, which among other things powers both The Tau Manifesto and the Ruby on Rails Tutorial.

I’m a graduate of Harvard College and have a Ph.D. in Physics from Caltech, where I studied black hole dynamics and was an award-winning instructor in theoretical and computational physics. I’m also an alumnus of Y Combinator, the entrepreneur program that has produced companies such as Dropbox and Airbnb. (Alas, my own Y Combinator startup was neither Dropbox nor Airbnb.)