On Wednesday, 25 April 2012 03:53:59 UTC-4, Ruby-Forum.com User wrote:
>
> Thanks Colin
> we are calling it as an object. Please find my login code below.
>
> def login
> if request.get?
> @user = User.new(:remember_me => cookies[:remember_me] || "0")
> elsif param_posted?(:user)
> @user = User.new(params[:user])
> user = User.find_by_screen_name_and_password(@user.screen_name,
> @user.password)
> if user
> user.login!(session)
> if @user.remember_me == "1"
> cookies[:remember_me] = { :value => "1",
> :expires => 10.years.from_now }
> user.authorization_token = user.id
>
This is where things go wrong - user.id is not a string.
> user.save!
> cookies[:authorization_token] = { (line no. 27)
> :value => user.authorization_token, (line no. 28)
>
The cookie value here *must* be a string - passing in a Fixnum is what's
causing the error. The original RailsSpace code sets the token to a hashed
string, not the user's id.
Regarding RailsSpace: that book is wildly out-of-date (I note that you're
using Rails 2.0.2 from the traces above) and does some things that were
extremely questionable even for that time period. For instance, storing
passwords in cleartext in the DB is strongly discouraged - it's led to
*massive* security breaches over the years on other web applications.
Here's an updated tutorial from the RailsSpace authors, so you're not
learning the 2007 version of the framework:
http://ruby.railstutorial.org/?railsspace=1
--Matt Jones
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/2m0e7TsQvuIJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
