Vite

Prerequisites This tutorial follows my previous post on handling Rails API authentication with React frontend. You can follow along without it, but I assume: You’re using Ruby on Rails with a React frontend You’ve implemented cookie‑based authentication How it works After login, the browser stores a secure cookie that’s automatically appended to every client request. An attacker’s site can forge requests on the user’s behalf, and they’ll be authenticated. Attack vector: Another site issues requests to your site while pretending to be the user. ...

Overview In this tutorial, you’ll learn how to implement cookie-based authentication with Rails 8. Rails offers many authentication methods—even DIY ones—but cookies are secure, easy to use, and handled automatically by browsers. While many tutorials use JWT, it has a major drawback: where do you store it? Local storage is insecure and easily exploited. Though you can secure JWTs with extra effort, it’s still a relatively new technology. If your primary API consumer is the browser, cookie-based authentication is safer and simpler. ...