Authentication in Rails, where to start?

Im learning Rails by building apps.

I want to make my first authenticated app: users signup, login, do some changes in models they have access to and logout.

I did the G开发者_StackOverflow中文版oogle search but it is quite confusing: many plugins, many tutorials. Don't know where to start.

Is there a state-of-the-art authentication method for Rails? What do you use in Production to authenticate your users?

Any help in this will be helpful. Thanks

I've used authlogic in the past and have been quite happy with it. Ryan has a railscast (video tutorial) for authlogic here.

+1 to Jason, -1 to NSD and sparky. Authentication system is not the thing you want to build yourself, at least if you're aiming for production use. It's like inventing your own encryption algorithm - it's a lot more safe to use something extensively tested and well-developed.

I've also been using authlogic, but there are some alternatives over there - like the good old restful authentication, and devise, which I guess is more modern so to speak. BTW the two latest railscasts are devoted to devise.

If your application is simple and just want a simple and secure user login page you might want to look into the Restful Authentication plugin. Its very easy to use and if you don't have much authentication requirements this should do fine.

script/plugin install git://github.com/technoweenie/restful-authentication.git
script/generate authenticated user sessions
rake db:migrate

You can find out more by checking out this excellent railscast.

As A beginner I would recommend Restful Authentication as its simple to set up and will get you up and running with no time

following is a step by step guid

http://avnetlabs.com/rails/restful-authentication-with-rails-2

and authlogic - (http://github.com/binarylogic/authlogic) is another great plug in which is more flexible but requires some work to implement user registration and stuff

cheers, sameera

One man's state-of-the-art authentication system is another man's worthless pile of garbage. You're almost always better off rolling your own in the long run. O'Reilly's Ruby Cookbook has some extremely basic examples that will set you off in the right general direction, then you can decide whether or not other people's solutions are right for you.

I would agree with NSD. Figuring out the plugins & how they should mesh with your application to me longer than creating an auth system in my latest application.

My tips - create a user_sessions controller and use normal CRUD methods to handle creating/destroying (ie logging in & out). Create another model for the user - it can handle create accounts & updating (ie changing passwords). Stick a :before_filter on each controller which needs protection.