Sessions

Because HTTP requests are stateless, you need to take special measures in order to remember a user between HTTP requests. The most common way to do this is to use the browser's cookies.

Upon logging in, your app will create a random string to serve as the session token. This token will go in the browser's cookies, as well as in your app's database in that specific user's session_token column. Now, whenever a request is made, your server can check the browser's cookie against the session_token column of your users table to see if the request is coming from a currently logged in user.

Rails makes it easy to set and retrieve cookies in the browser via the session hash. To set the browser's cookie, all you need to do is session[:session_token] = radom_token_string. When the user logs out, you should set this cookie data back to nil and change the session_token for the user in your database to end the session.