Is using token authentication necessary in my case?

0
votes

I'm building a web app that relies on a client side mvc that make ajax calls to the server with rails to get data from the database.

I thought that, since ajax call are made to a controller that require the user to be authenticated using devise, i had to use token authenticable to authenticate ajax calls.

But I've noticed that If the user login the normal way than since the session data is stored and sent with each ajax call it isn't necessary to use token authentication...

is this a bad approach?

1
ruby-on-railsauthenticationdevisetoken

1 Answers

0
votes

I don't see any issue with it. If the user is already logged in, than any ajax requests are also already authenticated. If the user is logged out, however, than the ajax requests will also be un-authenticated and may be rejected if authentication is required by the ajax call's controller. To my understanding auth token is to get the user logged in for a particular request without needing the user to login first, such as sending the user an email with a link to vote or something. And I think if the user follows that link, the browser will log them in automatically and persist that fact for subsequent requests without the token.