Menu
I am trying to find how devise generates the remember_token.
I have noticed that it is generated (and stored in a cookie) even when there is no token column in the DB to hold it. I'd like to understand how it works, but I cannot find the right location in its source.
Could anyone point me to the source code file, please?
456
The value comes from the rememberable_value method in the rememberable model.
https://github.com/plataformatec/devise/blob/master/lib/devise/models/rememberable.rb#L75
You can see there that the remember_token attribute/method if the model responds to it (which is a left over from previous versions where there was an actual DB attribute) or failing that it pulls the value from the authenticatable_salt method.
The authenticatable_salt method used, if you are using the database_authenticatable module is here:
https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb#L132
That method then returns the first 29 characters of the user's encrypted password, which is then used at the remember_token.
136
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
