• watch on iTunes
• follow on Twitter
• follow on Facebook
• subscribe to RSS feed

• Browse Episodes
• RailsCasts Pro
• Notifications
• About

RailsCasts Pro episodes are now free!

Learn more or hide this

czhu12's Profile

GitHub User: czhu12

Comments by

czhu12 on #250 Authentication from Scratch (revised) 2013-07-29 14:38:02

Sorry, maybe I'm not seeing it but what is stopping someone from simply setting a session called user_id manually in their browser. Wouldn't that allow them to steal someones account?