I am implementing the backend of an iOS mobile application with a Ruby on Rails app. I am currently doing user creation and authentication and have run into some issues. I have an API that allows users to create a user account via RESTful routes. I am now trying to set up some sort of process that allows the user to log in to the newly created account. I think the login process should go something like this: when the user logs in, the API creates some sort of mobile session, and when they log out, the client terminates the session from their end. First off, I was wondering if this is the correct way to implement such a system?
Secondly, I would like to get some ideas on how this system should be set up. My first thought would be to create a new database model named xsession or msession that holds all of the device-specific variables, such as device tokens and user information that's relevant to the session. The session would be created after the password is verified against the one already stored in the user database model. The session would be tied to the user's ID and upon logout would be removed from the database. This would create a table in which the rows would represent all active mobile sessions. Is this the best way to do this? Let me know what everyone thinks. This is my first time implementing something like this and I'm excited to see if I'm on the right track.
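
Added example, not part of the original post: the session-table flow described in the question (verify password, create a session row tied to the user ID and device token, delete the row on logout), written in plain Ruby. The class and method names, the in-memory Hash standing in for the database table, PBKDF2 as the password check, and storing only a SHA-256 digest of the session token are all assumptions of this example.

```ruby
require "securerandom"
require "digest"
require "openssl"

# In-memory stand-in for the users table and the mobile-session table (assumed names).
class MobileSessionStore
  def initialize
    @users = {}    # email => { id:, salt:, hash: }
    @sessions = {} # SHA-256(token) => { user_id:, device_token: }, one row per active session
  end

  def create_user(email, password)
    salt = SecureRandom.random_bytes(16)
    @users[email] = { id: @users.size + 1, salt: salt, hash: kdf(password, salt) }
  end

  # Verifies the password, inserts a session row, returns the raw token (or nil).
  def login(email, password, device_token)
    user = @users[email]
    return nil unless user && same_bytes?(kdf(password, user[:salt]), user[:hash])
    token = SecureRandom.urlsafe_base64(32)
    @sessions[digest(token)] = { user_id: user[:id], device_token: device_token }
    token
  end

  # Maps a presented token to a user id; nil when no active session matches.
  def authenticate(token)
    row = @sessions[digest(token)]
    row && row[:user_id]
  end

  # Logout deletes the row, so the token stops working server-side.
  def logout(token)
    !@sessions.delete(digest(token)).nil?
  end

  private
  def digest(token)
    Digest::SHA256.hexdigest(token.to_s)
  end
  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 20_000, 32, "sha256")
  end

  # Constant-time comparison of two equal-length byte strings.
  def same_bytes?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because the row is deleted on the server, a token copied off the device stops authenticating after logout, which a purely client-side "forget the session" would not achieve.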