Devise and HTTP Auth
I've been using Devise in a RoR application, but never fully understood
how the entire authentication system works.
After users sends account and password to the server, what happens?
My guess is that the server sends back some data to the client, and client
saves it in the cookie. For additional requests client makes, client also
sends the data, and the server can identify who is sending the requests
from the data.
Is this true? If so, what is the data server sends back to the client? How
is it protected?
If it is not true, could you help me understand it?
Thanks!
No comments:
Post a Comment