Sorry to borrow the title line directly from Ben’s site, but Authlogic is the authentication system I have been looking for. Bye, bye restful authentication. Hello easy, simple, get out of my way, easily upgradeable, smartly written Authlogic.
I shouldn’t disrespect restful authentication much as she has been with me for over a year now. But every time I had to install, set up, and get the basics working in RA I couldn’t help gnashing my teeth. I jumped on the RA bandwagon like so many other Rails developers looking for an authentication system that just works so they can move on to more important things.
Enter Authlogic by Ben Johnson of BinaryLogic. By luck, I was starting a new Rails app this week, so I decided to take Authlogic out for a test drive. Following Ben’s Tutorial: Authlogic Basic Setup, I had a basic login/logout/session management system up and running in a ridiculously little amount of code. The best part of Authlogic is that it truly gets out of my way and provides me with what I need… a robust and secure methodology of authentication and session management.
The benefits of Authlogic are:
- It’s a plugin and a gem. When Ben pushes an update, getting the latest release is super simple.
- It’s a plugin and a gem. This keeps the authentication code separate from your code, the way it should be.
- Sessions are treated like ActiveRecord objects. This is just as cool as it sounds and is very Rails-like.
- Better security. Authlogic uses a non-reversible token that is changed on every session initiation and password change, thus virtually eliminating session persistence and brute-force session attacks.
- Ben Johnson. Ben knows what he is doing and has been quickly releasing updates.
- Ben Johnson. Sorry for the repetition, but Ben also has a nice series of tutorials with supporting project code you can download.
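
The token rotation described in the "Better security" item above, as an added plain-Ruby sketch: it is not Authlogic's code and does not come from Ben's tutorials. The `Account` class, its method names and the PBKDF2 parameters are assumptions made for illustration.

```ruby
require "securerandom"
require "openssl"
require "digest"

# Hypothetical stand-in for a user record; not Authlogic's own class.
class Account
  def initialize(password)
    @salt = SecureRandom.bytes(16)
    @digest = derive(password)
    rotate_token!
  end

  # Random value unrelated to the password, so nothing can be reversed from it.
  def rotate_token!
    @persistence_token = SecureRandom.hex(32)
  end

  # New session: check the password, rotate, return the new cookie value.
  def log_in(password)
    valid_password?(password) ? rotate_token! : nil
  end

  def change_password(old_pw, new_pw)
    return false unless valid_password?(old_pw)
    @digest = derive(new_pw)
    rotate_token! # every cookie issued before this point stops working
    true
  end

  # A presented cookie is accepted only if it equals the current token.
  def session_valid?(cookie)
    cookie.is_a?(String) && secure_equal?(@persistence_token, cookie)
  end

  private
  def valid_password?(password)
    secure_equal?(@digest, derive(password))
  end

  def derive(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Compare fixed-length hashes of both values, without an early exit.
  def secure_equal?(a, b)
    x, y = [a, b].map { |v| Digest::SHA256.digest(v).bytes }
    x.zip(y).reduce(0) { |acc, (i, j)| acc | (i ^ j) }.zero?
  end
end
```

Because the token is replaced on each login in this sketch, a second login from another browser also invalidates the first browser's cookie, which is worth knowing before relying on rotation for multi-device users.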