I'm developing an API and I'd like to support authenticated user
sessions. Is it possible to pass the session information used by
devise/warden after a user has been authenticated? I know I can use
TokenAuthenticatable, but I assume the session ID is better because it
expires after some time, can be expired on a per session basis, and
I'd prefer to have a separate non-expirable auth token anyways.
I see that warden sets something like this:
warden.user.user.key"=>["User", , "Ejm5RbQhYVnNYFU7wX2o"]
Is it possible to simply refer to this in some form via GET or POST
params? Is this advisable?