Ask A Question


You’re not receiving notifications from this thread.

Magic Link Authentication with generates_token_for in Rails 7.1 Discussion

is magic link login considered secure ?
can it be used for a production website reliably ?


As long as the tokens expire, are one-time use, and the user's email isn't compromised it should be fine. You'll still want to support 2FA through another mechanism for more security.

I much prefer email/password login so I can use a password manager.


Hi Chris,
How do you use CurrentAttributes in real world projects? as I read from several blogs that it's considered as harmful, so it's not recommended to use it.
So I want to know from your perspective regarding this.


How are CurrentAttributes implemented in practical projects? According to several blog posts, it is deemed hazardous and therefore its use is not advised.
I would therefore like to hear your perspective on this.


How can you mock this in an integration test where you need to be authenticated but you don't have access to session?

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 83,453+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.