Can insecure authentication work with disabled cookies?
2 answers
You should be able to force users to log in via HTTP Auth. Use request_http_basic_authentication to make the browser auth request. This will be remembered by the browser.

Or is it better to override login_from_basic_auth in authenticated_system.rb:

    def login_from_basic_auth
      # Prompt for HTTP Basic credentials and check them against the User model.
      authenticate_or_request_with_http_basic do |login, password|
        self.current_user = User.authenticate(login, password)
      end
    end

This will most likely force all users to view the HTTP authentication page. You should probably only do this for users who are known to lack cookie support.
+1
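
The caveat in the answer above, as an added example that is not part of the original answer or of the plugin it discusses: plain Ruby that offers HTTP Basic only to clients known to lack cookie support, and only over HTTPS, since Basic sends the base64-encoded password on every request. The cookies_supported flag, the /login path, the realm and the sample user store are assumptions made for the illustration.

```ruby
require 'digest'

# Constructed sample store: login => SHA-256 hex of the password.
# A real application would use a slow password hash (bcrypt, argon2).
USERS = { 'alice' => Digest::SHA256.hexdigest('s3cret:pw') }.freeze
CHALLENGE = { 'WWW-Authenticate' => 'Basic realm="Application"' }.freeze

# Byte-wise comparison that does not stop at the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse "Basic <base64(login:password)>"; returns [login, password] or nil.
def parse_basic(header)
  scheme, token = header.to_s.split(' ', 2)
  return nil unless token && scheme.casecmp?('basic')
  decoded = token.strip.unpack1('m0').force_encoding('UTF-8')
  login, password = decoded.split(':', 2) # a password may itself contain ':'
  password ? [login, password] : nil
rescue ArgumentError # strict base64 decoding failed
  nil
end

def valid_user?(login, password)
  # Unknown logins are compared against a dummy digest so both paths do the same work.
  stored = USERS.fetch(login, Digest::SHA256.hexdigest(''))
  secure_compare(stored, Digest::SHA256.hexdigest(password)) && USERS.key?(login)
end

# env is a Rack-style hash; cookies_supported is a hypothetical flag set by an
# earlier cookie probe. Returns [status, headers, login_or_nil].
def basic_auth_fallback(env, cookies_supported:)
  # Cookie-capable clients keep the session login and never see the Basic prompt.
  return [302, { 'Location' => '/login' }, nil] if cookies_supported
  # Refuse Basic over plain HTTP: the credentials would cross the wire readable.
  return [403, {}, nil] unless env['rack.url_scheme'] == 'https'

  login, password = parse_basic(env['HTTP_AUTHORIZATION'])
  return [200, {}, login] if login && valid_user?(login, password)

  [401, CHALLENGE, nil] # the browser shows its credential dialog
end
```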