feat: add remember me functionality for user sessions

- Implement remember method in User model to generate and store a remember token
- Update SessionsController to call remember on successful login
- Enhance current_user method to retrieve user from cookies if session is not present
- Add forget method to clear remember token on logout
- Create migration to add remember_digest column to users table

app/controllers/sessions_controller.rb

@@ -8,6 +8,7 @@ class SessionsController < ApplicationController
     # if user && user.authenticate(params[:session][:password])
     if user&.authenticate(params[:session][:password])
       reset_session
+      remember user
       log_in user
       redirect_to user
     else

app/helpers/sessions_helper.rb

@@ -3,9 +3,21 @@ module SessionsHelper
     session[:user_id] = user.id
   end
 
+  def remember(user)
+    user.remember
+    cookies.permanent.encrypted[:user_id] = user.id
+    cookies.permanent[:remember_token] = user.remember_token
+  end
+
   def current_user
-    if session[:user_id]
-      @current_user ||= User.find_by(id: session[:user_id])
+    if (user_id = session[:user_id])
+      @current_user ||= User.find_by(id: user_id)
+    elsif (user_id = cookies.encrypted[:user_id])
+      user = User.find_by(id: user_id)
+      if user && user.authenticated?(cookies[:remember_token])
+        log_in user
+        @current_user = user
+      end
     end
   end
 
@@ -13,9 +25,15 @@ module SessionsHelper
     !current_user.nil?
   end
 
+  def forget(user)
+    user.forget
+    cookies.delete(:user_id)
+    cookies.delete(:remember_token)
+  end
+
   def log_out
+    forget(current_user)
     reset_session
     @current_user = nil
   end
-
 end

app/models/user.rb

@@ -1,4 +1,5 @@
 class User < ApplicationRecord
+  attr_accessor :remember_token
   # before_save { self.email = email.downcase }
   before_save { email.downcase! }
   validates :name, presence: true, length: { maximum: 50 }
@@ -14,4 +15,33 @@ class User < ApplicationRecord
              BCrypt::Engine.cost
     BCrypt::Password.create(string, cost: cost)
   end
+
+  def User.new_token
+    SecureRandom.urlsafe_base64
+  end
+
+  def remember
+    self.remember_token = User.new_token
+    update_attribute(:remember_digest, User.digest(remember_token))
+  end
+
+  class << self
+    def digest(string)
+      cost  = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST :
+                                                      BCrypt::Engine.cost
+      BCrypt::Password.create(string, cost: cost)
+    end
+
+    def new_token
+      SecureRandom.urlsafe_base64
+    end
+  end
+
+  def authenticated?(remember_token)
+    BCrypt::Password.new(remember_digest).is_password?(remember_token)
+  end
+
+  def forget
+    update_attribute(:remember_digest, nil)
+  end
 end

app/views/layouts/application.html.erb

@@ -20,6 +20,7 @@
       <%= render 'layouts/footer' %>
       <%#= debug(params) if Rails.env.development? %>
       <%= debug(params.to_yaml) if Rails.env.development? %>
+      <%= debug(session) if Rails.env.development? %>
       <%= debug(Time.now) if Rails.env.development? %>
     </div>
   </body>

db/migrate/20250102072521_add_remember_digest_to_users.rb

@@ -0,0 +1,5 @@
+class AddRememberDigestToUsers < ActiveRecord::Migration[8.0]
+  def change
+    add_column :users, :remember_digest, :string
+  end
+end

db/schema.rb

@@ -10,13 +10,14 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2024_12_31_060757) do
+ActiveRecord::Schema[8.0].define(version: 2025_01_02_072521) do
   create_table "users", force: :cascade do |t|
     t.string "name"
     t.string "email"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.string "password_digest"
+    t.string "remember_digest"
     t.index ["email"], name: "index_users_on_email", unique: true
   end
 end