Hi - I am using a fairly standard authentication in my app (user model, before_filter in application_controller). This authentication is taken almost entirely from the 3rd ed. of the agile web dev w/ rails. A few questions about all that -
1. I'm still in dev environment, but I noticed that I'm not being logged out between sessions. I even restarted my machine and pointed my browser to a page, and wasn't taken to the login page first. Only if I explicitly invoke the logout action does it actually log me out. How do I force a logout between sessions? I tried clearing the sessions table (rake db:sessions:clear) but that didn't do it. 2. what's a good way to implement automatic logout after some inactivity? 3. I have many users and need to manage different permission levels. Some users should be able to see and edit a certain page, others need to view only, and some shouldn't be able to access certain pages. What would be a good way to manage that? I thought about creating a page model and controller, and then using some joined table page_users or something that keeps the user_id, page_id and the different boolean permissions (can_view, can_edit, etc..). Then I'd probably need to add a before_filter in each controller/action.. I'm quite new to rails, so I'd love to hear any better or more efficient ideas - thanks. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
