czhu12's Profile

GitHub User: czhu12

Comments by


Sorry, maybe I'm not seeing it, but what is stopping someone from simply setting a session called user_id manually in their browser? Wouldn't that allow them to steal someone's account?