Steve Polito

@jho406 here's where I left off: ```ruby require "active_support/core_ext/string" require "rspec" # TODO: form_with(model: nil, scope: nil, url: nil, format: nil, **options, &block) def form_props(url: nil, scope: nil, **options) builder...

@matt17r thank you for opening this issue! I just tested this, and you're absolutely right. The call to [local](https://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-local-3F) is not necessary, and will not work as expected in production....

That's a great catch! Yes, it should be an `elsif`. Thank you for pointing this out.

@alexventuraio thank you for taking the time to make this PR and #11. I'm still wrapping up this guide, so there's a chance the PR you issued might need to...

@ayushn21 thank you for taking the time to post this since I think it's valuable information. Since the [API](https://api.rubyonrails.org/classes/ActiveRecord/SignedId/ClassMethods.html#method-i-find_signed) mentions that using a `singed_id` is "... particularly useful for things...

I appreciate you taking the time to highlight this though. I'm learning a lot!

Thank you for your diligence here. Let me make sure I'm understanding this correctly. 1. A user confirms their email address, and bookmarks the URL that they used to have...

Thank you for the clarification, I'll plan on addressing this soon 👍

Thank you for pointing this out! This is making me wonder if I should just force SSL instead: ```ruby # config/environments/production.rb Rails.application.configure do ... config.force_ssl = true end ```

Oh, interesting. Will the stolen cookie still be encrypted? Does `httponly` simply prevent JavaScript from accessing this value?