I am going to create an application that uses AJAX to load resources as JSON without reloading the page, and this requires authentication.
I already use Devise to handle registration, but for every AJAX call the server needs to make sure that the user is authenticated, so I'm going to use the authenticated token that was used by Devise.
Now, in the tutorial that I read, the authors propose creating a "token" controller, in which the token will be created or destroyed after the user provides an email address and password, but since there will be no APIs, the token when the user enters the usual path? (and destroy it when the user exits?)
What do you think? Any suggestions or examples?