You think you’re clever, editing .htaccess files, or adding some middleware code to your application.rb file to protect your staging server, but you’re not. Everyone hates that little username/password sheet. You know the one (see Fig. 1 above). Your clients hate it, your coworkers hate, yes, even your mom hates it. It’s overkill, and it doesn’t work with password managers, and it only gets remembered for a session. The reason that client hasn’t emailed your back? Because they’re too embarrassed to ask for the login credentials for a fifth time.
Add Lockup to your rails bundle. Choose a lockup codeword and add it to your application.yml file (if you’re using figaro) or to your application.rb file and you're set.
Now you have a simple, pretty, codeword-protected site that always redirects properly and is remembered on a particular browser until the codeword is changed. Oh, and for your less technically-inclined clients or team members, you can pass the codeword in the link you send them and they never even have to type it in.
Go ahead, try it. Jim from account services will love you. And so will your mom.