Perhaps look at how the new restful_authentication
http://github.com/technoweenie/restful_authentication
does it and see if you can understand that.
-----
Ryan Bigg
Freelancer
http://frozenplague.net
On 25/11/2008, at 11:38 AM, Stan Kaufman wrote:
>
> I've got several several Rails 2.1 apps using a variant of
> restful_authentication to manage logins/sessions (actually the guts
> from Beast but it's basically restful_authentication). The apps store
> sessions in cookies per 2.1 default. The apps set two cookies -- the
> session cookie and a "login_token" cookie that gets set thus:
>
> cookies[:login_token] = {:value => "#{current_user.id};#
> {current_user.reset_login_key!}", :expires => 1.year.from_now.utc} if
> params[:remember_me] == "1"
>
> The problem is that logged-in users who then close their browsers have
> to re-login when they re-launch their browsers even when the browsers
> are set to keep cookies until they expire -- which shouldn't happen
> because the login_token cookie expires one year in the future. When
> their browsers are left open, the users remain logged in and the sites
> function perfectly normally. Checking these cookies in the browser
> confirms that the appear to be set/sent correctly.
>
> What could cause this behavior? I've thought of:
>
> - session storage location -- but moving sessions back to
> active_record doesn't fix this
> - login_token cookie lacks a :domain setting -- but setting this
> resulted in the login_token no longer showing up in the browser and
> didn't affect the problem
> - mongrel_cluster -- the sites where this problem happens are running
> mongrel_clusters with several mongrels each -- while I have one site
> where the login persists as expected and has only a single mongrel in
> front of it -- but otherwise uses the same login/session code
>
> Could this really be a mongrel_cluster issue? What else could be going
> on? This seems really weird, but also probably something really simple
> and I'm just blind.
>
> Thanks in advance for any pointers!
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
