We have a look at integrating the HaveIBeenPwned service with Devise so that our users will some awareness of their password being potentially compromised.

In Rails 7.1, we're going to get a new feature that will allow us to generate tokens for attributes. With generates_token_for, a token can embed data from a record. When using the token to fetch the record, the data from the token and the data from the record will be compared.

In this episode, we explore session hijacking and an approach that we can take to limit the risk. There are some user experience and functionality caveats to this approach so they must be taken into consideration as well.