Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
253 views
in Technique[技术] by (71.8m points)

Rails authentication issue

I am relatively new to Rails and right now I am developing a simple login/logout system.

In my app when I log in the URL generated is:

localhost:3000/user/index/7

When I log out I get back to the root. But if I copy this URL and paste it in another browser window, I get instantly logged in without being directed to the login form. How do I correct this issue?

I tried to store the user id in the session hash, and then upon logout I set the user id in the session to nil. But that does not work. Help needed.

Edited:

In my Home controller:

class HomeController < ApplicationController
  def signin
    # :first returns one record or nil (:all returns an array, which is never nil)
    user = User.find(:first, :conditions => ["user_login=? AND user_password=?",
                                             params[:user][:username], params[:user][:password]])

    if user != nil
      session[:user_id] = user.user_id
      redirect_to({:controller => 'user'})
    end
  end
end

In the User controller I have a logout method:

def logout
   session[:user_id]=nil;
   redirect_to({:controller=>'home'});
end

My routes.rb file looks like this:

ActionController::Routing::Routes.draw do |map|

  map.root :controller => "home",:action => "index"
  map.connect ':controller/:action/:id'
  map.connect ':controller/:action/:id.:format'
end

Edited:

I have solved this issue: I was not checking the id value in the session hash in the User controller index method. But I have another question: if I have an app in Rails 2.3.17 and I want to shift it to the latest version, how many changes will I have to make?

1 Reply

0 votes
by (71.8m points)

You can set a before_filter for those actions in the controller. Using that before_filter you can check whether the session is nil or a value is present.

Otherwise you can follow this Railscasts video:

http://railscasts.com/episodes/250-authentication-from-scratch
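
The before_filter check described in this answer, as an added example that is not part of the original answer. `MiniController` is a hypothetical plain-Ruby stand-in for ActionController (with simplified `render` and `redirect_to`) so the code runs without Rails; in a Rails 2.3 app only the `UserController` part applies, with `reset_session` in place of `session.clear`.

```ruby
# Hypothetical stand-in for ActionController so the example runs without Rails.
class MiniController
  def self.before_filter(name, opts = {})
    (@filters ||= []) << [name, Array(opts[:only]).map(&:to_s)]
  end

  def self.filters; @filters || []; end

  attr_reader :session, :params, :response

  def initialize(session, params = {})
    @session, @params, @response = session, params, nil
  end

  def redirect_to(target); @response ||= [:redirect, target]; end
  def render(text);        @response ||= [:ok, text];         end

  # Run the filters in order; the action runs only if no filter has responded.
  def process(action)
    self.class.filters.each do |name, only|
      send(name) if only.empty? || only.include?(action.to_s)
      return @response if @response
    end
    send(action)
    @response
  end
end

class UserController < MiniController
  before_filter :require_login, :only => [:index]

  def index
    # Identify the user from the session, never from the :id in the URL.
    render("account page for user #{session[:user_id]}")
  end

  def logout
    session.clear # in Rails: reset_session, which drops the whole session
    redirect_to(:controller => 'home')
  end

  private

  # Send anyone without a logged-in session back to the login form.
  def require_login
    redirect_to(:controller => 'home') if session[:user_id].nil?
  end
end
```

Because `index` reads the user from the session, pasting `/user/index/7` into a browser without a session is redirected, and a logged-in user who changes the id in the URL still sees only their own page.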

