> just to make sure: you are using active_record_store now, right?

Yeah.

> try to delete your browser's cookies and cache as well as your session
> table. maybe you have a conflict with one of the old sessions/cookies.

Deleted all cookies, cache and authenticated sessions (in Firefox - 
Ctrl+Shift+Del).

> additionally check that you have the following:
>   # environment.rb:
>   config.action_controller.session = {
>     :session_key => '_myapp_session',
>     :secret      => 'secretpass' # use a long and good secret!
>   }

Definitely have all those.

>   config.action_controller.session_store = :active_record_store
> 
>   # application.rb
>   protect_from_forgery :secret => 'secretpass'

Yup, that too.


When I submit the login form, I get the error screen and the request 
parameters are showing that an authenticity token is submitted:

{"commit" => "login"
 "authenticty_token" => "bnadsas9dadasd09as8931012kjk12301i23",
 "user" => { "user_name" => "newbie",
             "password" => "topsecret" } }

So I don't know where the token comes from if it doesn't match the one 
submitted - all sessions, cookies and cache were cleared.

Again, my login form looks like this:

<% form_for :user, :url => { :action => 'do_login' } do |f| %>
  <p>user: <%= f.text_field :user_name %></p>
  <p>pass: <%= f.password_field :password %></p>
  <%= f.submit 'login' %>
<% end %>

My do_login action is this:

def do_login
  if request.post?
    # form_for :user nests the fields under params[:user] (see the request dump above)
    user = User.authenticate(params[:user][:user_name], params[:user][:password])
    if user
      session[:user_id] = user.id
      uri = session[:original_uri]
      session[:original_uri] = nil
      redirect_to uri || home_page
    else
      flash.now[:notice] = "Invalid user/password - please try again"
    end
  end
end

I should mention that in my application controller I have:

before_filter :authorize, :except => :do_login

def authorize
  unless User.find_by_id(session[:user_id])
    session[:original_uri] = request.url
    flash[:notice] = "please log in"
    redirect_to :controller => 'login', :action => 'do_login'
  end
end

-- 
Posted via http://www.ruby-forum.com/.
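
As an added illustration that is not part of the original post and is not Rails's own code: a minimal session-bound CSRF token check in Ruby, showing why a submitted token stops verifying when the session id or the server secret differs between rendering the form and submitting it. The HMAC-SHA256 construction, the SECRET constant and the helper names (csrf_token_for, valid_csrf_token?, diagnose) are assumptions made for the example.

```ruby
require 'openssl'

# Constructed value for illustration only; a real secret is long, random and kept server-side.
SECRET = 'constructed-example-secret-0123456789abcdef'

# Token bound to one session: HMAC of the session id under the server secret.
# (Assumed scheme for this example, not taken from the Rails source.)
def csrf_token_for(session_id, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, session_id.to_s)
end

# Constant-time comparison so the check does not reveal how many
# leading characters of the submitted token were correct.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server-side check at submit time: recompute the token for the session
# that arrived with the request and compare it with the submitted field.
def valid_csrf_token?(params, session_id, secret = SECRET)
  submitted = params['authenticity_token']
  return false unless submitted.is_a?(String)
  secure_compare(submitted, csrf_token_for(session_id, secret))
end

# Debugging aid: classify a failed check. The render-time session id is
# only known here because the sample data below is constructed.
def diagnose(params, sid_at_render, sid_at_submit, secret = SECRET)
  return :missing_param unless params['authenticity_token'].is_a?(String)
  return :ok if valid_csrf_token?(params, sid_at_submit, secret)
  return :session_changed if valid_csrf_token?(params, sid_at_render, secret)
  :wrong_token_or_secret
end

if __FILE__ == $PROGRAM_NAME
  token = csrf_token_for('sess-A')                 # token embedded in the rendered form
  form  = { 'authenticity_token' => token }
  puts diagnose(form, 'sess-A', 'sess-A')          # same session on submit
  puts diagnose(form, 'sess-A', 'sess-B')          # session replaced before submit
end
```
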
