Sign in through GitHub

Please read for an updated status on RailsCasts:

Learn more or hide this

czhu12's Profile

GitHub User: czhu12

Comments by

Avatar

Sorry, maybe I'm not seeing it but what is stopping someone from simply setting a session called user_id manually in their browser. Wouldn't that allow them to steal someones account?