--- title: Always Remember Me teaser: tags: web,rails,clearance,open source author: Dan Croak published_on: 2009-09-01 --- Clearance now uses only cookies with a long expiration as its default. The effect is always remembering the user unless they ask to be signed out. > "I'll never let go, Jack! I'll never let go!" ## A better "remember" default A couple of weeks ago, I asked [how Clearance should handle \"remember me\"](https://thoughtbot.com/blog/post/164115286/remember-me) PJ Hyett's argument won the day: > Assuming people using shared computers can't remember to log out is insulting > at best and annoying to everyone else that has exclusive access. Cookies with > long expirations should always be the default. Clearance, as of today's 0.8.2 release, works exactly this way. ## Cleaner under the hood Fewer conditionals. No special cases. Just do one thing well. ```diff def current_user - @_current_user ||= (user_from_cookie || user_from_session) + @_current_user ||= user_from_cookie end def user_from_cookie if token = cookies[:remember_token] - return nil unless user = ::User.find_by_remember_token(token) - return user if user.remember? + ::User.find_by_remember_token(token) end end ``` If you look through the recent commits, it's a glorious sea of red as lines of code were removed. ## Deprecations of shoulda macros Originally, we had between a dozen and two dozen shoulda macros. They're almost all deprecated now, continuing a trend over the last six months. The macros that have survived are: sign_in_as(Factory(:email_confirmed_user)) sign_in sign_out should_deny_access should_forbid ## Want to upgrade You'll want to: * migrate your schema * watch out for a cookies gotcha * regenerate Cucumber features * remove the "remember me" checkbox! ## Migrate your schema If you decide to upgrade, you'll need to [migrate your database schema](http://gist.github.com/178607), as we also finally addressed the "double duty" that `token`/`token_expires_at` used to play. It is now split into a `confirmation_token` and a `remember_token`. ## Cookies gotcha Like most things in software, this decision comes with a tradeoff. When cookies are set, they are not available until the next request. So be careful with functional tests that depend that cookies. Try to use the `current_user` method where possible. ## Cucumber features This is a minor change. They mostly combine "remember me" scenarios into the basic scenario. If you don't want to run the generator again, you can probably figure out what needs to be altered on your own. ## Issues As always, if you find any issues, please report them at [Github Issues](http://github.com/thoughtbot/clearance/issues). Thanks and happy coding!