tokens work

app/controllers/application_controller.rb

@@ -12,13 +12,17 @@ class ApplicationController < ActionController::Base
   private
 
   def current_user
-    if session[:current_user_id]
-      @current_user ||= User.find(session[:current_user_id])
+    if session[:session_token]
+      @current_user ||= User.find_by(session_token: session[:session_token])
     else
       @current_user = nil
     end
   end
 
+  def log_out!
+    session[:session_token] = nil
+  end
+
   def logged_in?
     !!current_user
   end

app/controllers/session_controller.rb

@@ -5,7 +5,13 @@ class SessionController < ApplicationController
     user = User.find_by(email: user_params[:email])
 
     if user && user.authenticate(user_params[:password])
-      session[:current_user_id] = user.id
+      # session[:current_user_id] = user.id
+
+      token = SecureRandom.urlsafe_base64
+
+      session[:session_token] = token
+      user.update(session_token: token)
+
       flash[:message] = "Thanks for logging in, sinner."
     else
       flash[:message] = "Email / Password combo does not exist!"
@@ -15,7 +21,7 @@ class SessionController < ApplicationController
   end
 
   def destroy
-    session[:current_user_id] = nil
+    log_out!
 
     redirect_to root_path
   end

db/migrate/20151102165102_add_session_token_to_users.rb

@@ -0,0 +1,5 @@
+class AddSessionTokenToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :session_token, :string
+  end
+end

db/schema.rb

@@ -11,14 +11,14 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20151030132812) do
+ActiveRecord::Schema.define(version: 20151102165102) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
   create_table "confessions", force: :cascade do |t|
     t.integer  "transgression_id"
-    t.datetime "occurred_at",      default: '2015-11-02 14:55:24', null: false
+    t.datetime "occurred_at",      default: '2015-10-30 13:30:09', null: false
     t.string   "description",                                      null: false
     t.datetime "created_at",                                       null: false
     t.datetime "updated_at",                                       null: false
@@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20151030132812) do
     t.string   "password_digest", null: false
     t.datetime "created_at",      null: false
     t.datetime "updated_at",      null: false
+    t.string   "session_token"
   end
 
   add_index "users", ["email"], name: "index_users_on_email", using: :btree