Why use database-backed sessions instead of standard cookies?

Database-backed sessions allow for server-side session revocation, 'sign out everywhere' features, and detailed security audit trails that cookie-only storage cannot provide.

Does this skill support API authentication?

Yes, the pattern includes guidance for supporting Bearer token authentication for APIs alongside standard web-based sessions.

How does this handle session security?

It implements cryptographically signed, tamper-proof cookies with HttpOnly flags to prevent XSS and SameSite: Lax settings for CSRF protection.

Can I use this for multi-device management?

Yes, the skill provides the database schema and logic needed to track user agents and IP addresses across multiple active devices per user.

Is this skill specific to Ruby on Rails?

The implementation examples use Ruby on Rails conventions (ActiveRecord, Concerns), but the architectural patterns are applicable to any modern MVC framework.

Session Management Pattern

Name: Session Management Pattern
Author: rbarazi

byrbarazi

0•

セキュリティとテスト

Implements secure, database-backed session tracking and multi-device management for web applications.

This skill provides a comprehensive pattern for building robust authentication systems using database-backed sessions rather than standard cookie-only storage. It enables critical security features like session revocation, 'sign out from all devices' functionality, and detailed security audit trails for user activity. By leveraging cryptographically signed cookies and device-specific tracking, it helps developers implement professional-grade authentication workflows that support both web and API-based access while maintaining strict security standards such as HttpOnly and SameSite protection.

主な機能

01Database-backed session persistence for activity auditing

02Multi-device support with 'sign out everywhere' capability

03Secure cookie handling with HttpOnly and SameSite: Lax protection

04Integrated session revocation and expiry management

05Support for both browser sessions and Bearer token API authentication

060 GitHub stars

ユースケース

01Building a secure user authentication system with session history

02Implementing device management dashboards in user settings

03Creating security-sensitive applications requiring audit trails for all logins

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rbarazi/agent-skills session-management

For use in Claude.ai and ChatGPT

主な機能

01Database-backed session persistence for activity auditing

02Multi-device support with 'sign out everywhere' capability

03Secure cookie handling with HttpOnly and SameSite: Lax protection

04Integrated session revocation and expiry management

05Support for both browser sessions and Bearer token API authentication

060 GitHub stars

ユースケース

01Building a secure user authentication system with session history

02Implementing device management dashboards in user settings

03Creating security-sensitive applications requiring audit trails for all logins

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rbarazi/agent-skills session-management

For use in Claude.ai and ChatGPT