The Pragmatic Studio

New Tutorial: Using Rails Session Cookies for API Authentication

September 05, 2018

Over the summer, we explored the good, the bad, and the ugly of designing a Vue.js front-end web application (an SPA) with a Rails API backend.

One of the more interesting aspects has been figuring out how to “log in” users given that the API has protected resources that require authentication.

The common approach is to use an API access token. But there’s a security vulnerability with that option. 😳

So we asked ourselves: Is there a better way?

Indeed there is: Rails session cookies! 🍪

We wrote up a tutorial that walks through the problem and a solution. You might find it helpful if your application has similar requirements.