A more secure remember token

Jul 1, 2013 • posted by Michael Hartl

I recently received a helpful email from reader Yuri Krichevsky pointing out a way to improve the security of the “remember me” tokens used in the Ruby on Rails Tutorial book. Since I’m gearing up to release the Rails 4.0–compatible version, I decided to go ahead and implement the more secure method. The result appears starting in Section 8.2.1 of the new version, with the corresponding sample app code available on GitHub. I’ve edited it carefully, but there were a lot of little changes, so it’s possible some errors slipped through. If you get the chance, please take a look at it and let me know if it works as advertised.