Sorry to borrow the title line directly from Ben’s site, but Authlogic is the authentication system I have been looking for. Bye, bye restful authentication. Hello easy, simple, get out of my way, easily upgradeable, smartly written Authlogic.
I shouldn’t disrespect restful authentication much as she has been with me for over a year now. But every time I had to install, setup, and get the basics working in RA I couldn’t help gnashing my teeth. I jumped on the RA bandwagon like so many other Rails developers looking for an authentication system that just and move on to more important things.
Enter Authlogic by Ben Johnson of BinaryLogic. By luck, I was starting a new rails app this week, so I decided to take Authlogic out for a test drive. Following Ben’s Tutorial: Authlogic Basic Setup I had a basic login/logout/session management system up and running in a ridiculously little amount of code. The best part of Authlogic is that it truly get’s out of my way and provides me with what I need… a robust and secure methodology of authentication and session management.
The benefits of Authlogic are:
- It’s a plugin and a gem. When Ben pushes an update, getting the latest release is super simple.
- It’s a plugin and a gem. This keeps the authentication code separate from your codes, the way it should be.
- Session are treated like ActiveRecord objects. This is just as cools as it sounds and is very Rails-like.
- Better security. Authlogic uses a non-reversible token that is changed on every session initiation and password change, thus virtually eliminating session persistence and brute force session attacks.
- Ben Johnson. Ben knows what he is doing and has been quickly releasing updates.
- Ben Johnson. Sorry for the repetition, but Ben also has a nice series of tutorials with supporting project code you can download.
Thanks for the suggestion. I will be clicking over to the tutorial. I appreciate the semi-frustrations with RA and am looking for exactly what you describe in Authlogic.
Take care.
Thanks for the writeup. I keep seeing similar posts in the November timeframe–which was about when authlogic was released. What I’m looking for is evidence that things are still going well, …and also what is the simplest role authorization system to use with it?
Ed,
I still use Authlogic and like it quite a bit. From all the auth plugins I’ve looked at, Authlogic is the most rails-like. But I don’t know what the simplest one is. If you are looking for just a drop in auth system with virtually no setup, I have not seen one yet.
I think Ed was curious about what Roles/Permissions software integrates the best with AuthLogic… not what is a simpler alternative to AuthLogic.
Is it possible in authlogic to activate users via sending emails rather than authorizing right away? I see that there is a mechanism to reset the passwords? Is it possible to activate users only after they click on there email? Please let me know it would really be helpful.
@NBee:
Sure, you can use any activation scheme you want. Sorry, but I don’t have an example I can send you of email activation. Maybe you could send a quick message to Ben Johnson, the author of Authlogic as he may have one or can put up a quick tutorial.
@NBee here’s an activation tutorial that I’m just starting to implement:
http://github.com/matthooks/authlogic-activation-tutorial/tree/master
Hi, I´m starting now with Rails and I´ve sucessfully installed authlogic in my app. Had previous experience with restful_authentication and authlogic seems much better and much more rails-like.
However my needs extends to an authorization/roles scheme, I had 3hours trying to find an example/plugin that combined with authlogic and I couldn´t found.
Anyone got a hint?
Thanks
Hi Jose,
Ryan Bates CanCan gem is very simple and flexible, you could give that a try.
Ed, I still use Authlogic and like it quite a bit. From all the auth plugins I’ve looked at, Authlogic is the most rails-like. But I don’t know what the simplest one is. If you are looking for just a drop in auth system with virtually no setup, I have not seen one yet.