Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Hi Dear #277

wants to merge 1 commit into from

1 participant


I just did a single sign on with Authlogic by simply sharing the cookie. It's so simple and cool. Once you logged into a single application, you logged into all applications.

I don't want to share database between my applications, so I synchronize user data to all applications that have their own database.

I can easily synchronize all user data (persistence_token, login and crypted_password) between my applications, but id(primary key) because the id is special and increased by the sequence automatically. so that the same user with same login and persistence_token has different id in different application.

So please do not store the primary key in cookies. I think persistence_token works so good, why do we still need to store primary key?


This is for quicker lookups and also added verification.

@ghost ghost closed this
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Aug 9, 2011
  1. @lewisou
This page is out of date. Refresh to see the latest.
2  lib/authlogic/session/cookies.rb
@@ -165,7 +165,7 @@ def persist_by_cookie
def save_cookie
controller.cookies[cookie_key] = {
- :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
+ :value => "#{record.persistence_token}",
:expires => remember_me_until,
:secure => secure,
:httponly => httponly,
2  test/session_test/cookies_test.rb
@@ -120,7 +120,7 @@ def test_after_save_save_cookie
ben = users(:ben)
session =
- assert_equal "#{ben.persistence_token}::#{}", controller.cookies["user_credentials"]
+ assert_equal "#{ben.persistence_token}", controller.cookies["user_credentials"]
def test_after_destroy_destroy_cookie
Something went wrong with that request. Please try again.