Anatoli Makarevich's Profile

GitHub User: makaroni4

Site: http://gistflow.com

Comments by Anatoli Makarevich

Very useful, thanks, Ryan!!!

You can find a real-life example of similar auth at http://gistflow.com (open source).

The famous Egor Homyakov hacked us using the bug described here:

http://gistflow.com/posts/174

The thing is that if you store auth_token in cookies, CSRF protection will not work.

Good luck everyone with safe auth :)