Scott is so right as this being contradictory. You are trying to seek a specific user where uniqueness of that user is not established. Mathematically you need some transitional element. You simply need to gather another identifying aspect of your user. Thereafter, you can encrypt data ( username and other_element) served, the same way you are likely encrypting your user password.
Liz
Hello,
How can i hide the params in browser url. I read many blogs and suggestions.
They suggested me to use to_params friendlyid gem.
These are both good suggestions (to_param in your model, or the FriendlyId gem included in your model).
FriendlyId is the much more robust solution, and the readme on the GitHub page is pretty clear about how to add it to a working application. You'll need a migration and a bit of configuration in your model, and you need to change ModelName.find to ModelName.friendly.find wherever you are using a bare find method. But once that's done, you should be able to use whatever attribute you like as the seed of your "slug", which will replace the :id segment of your URLs. users/24 will become users/fred-rogers or whatever you can dream up.
Using to_param makes the same sort of sense, but it would require more work on your part. Every time I set out to do that because "it's too much work to get FriendlyId working", I find all sorts of edge cases that I didn't think through, and I end up ripping out the home-grown thing and using FF anyway.
But if you're curious, you can add a method in your model named to_param, and have it return any parameter you like:
before_save :update_slug
def to_param
slug
end
private
update_slug
self.slug = "#{first_name}-#{last_name}.downcase
end
Of course, then you have to ensure that first_name-last_name is globally unique, which it probably isn't. FriendlyId thinks of that, and will add serial numbers to the end of the slug to disambiguate.
And having done that, you need to change your ModelName.find methods to ModelName.find_by!(slug: params[:id]) (don't forget the ! after the method, or you won't get a 404 when the URL isn't correct).
Walter