module ActiveRecord::SignedId
def signed_id(expires_in: nil, purpose: nil)
And you then change your +find_signed+ calls to require this new purpose. Any old signed ids that were not
user.signed_id purpose: :v2
version the signed_id, like so:
(or maybe you forgot to set an expiration date while meaning to!), you can use the purpose to essentially
If you accidentally let a signed id out in the wild that you wish to retract sooner than its expiration date
record. If a purpose is set, this too must match.
If the expiration date has been exceeded before +find_signed+ is called, the id won't find the designated
It can furthermore be set to expire (the default is not to expire), and scoped down with a specific purpose.
This signed id is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
Returns a signed id that's generated using a preconfigured +ActiveSupport::MessageVerifier+ instance.
def signed_id(expires_in: nil, purpose: nil) self.class.signed_id_verifier.generate id, expires_in: expires_in, purpose: self.class.combine_signed_id_purposes(purpose) end