Rob, I see what you're saying, esp., given your comment:

"you have to load the user info (session + User model) to check the permission anyway so you have to hit the database"

Unlike what I sense is anticipated by the Authlogic example code, I take the following approach in my app: unauthenticated users can use all app functionality up to a certain point, when they have to register (a try-before-you-buy approach.) So, under this approach I have to apply the require_user approach in a before_filter for every action, not just those associated with a few protected pages.

This just seems like a lot of work. It's like adding a layer of authentication goo all over my app and unlike, preferably, enabling authentication as a 'switch' to my app.

Lille

On Jul 2, 12:20 pm, Rob Biedenharn <[email protected]> wrote:
> On Jul 2, 2010, at 12:02 PM, Lille wrote:
>
> > @Rob - Yes, I see what you're referring to in the Authlogic example
> > code. I guess I can feel comforted by that...
>
> > @Marnen, @Rob - ...but isn't reliance on session expensive, e.g., if
> > I've chosen server-side ActiveRecordStore session storage?
>
> Um, compared to what? If the work to instantiate the session from the
> database, alter a value, and write it back is your bottleneck, I'd say
> you have one blazingly fast application ;-)
>
> I wouldn't worry about that (at least not yet). You have to load the
> user info (session + User model) to check the permission anyway so you
> have to hit the database.
>
> -Rob
>
> > On Jul 2, 11:51 am, Rob Biedenharn <[email protected]>
> > wrote:
> >> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote:
> >
> >>>> My hope would be for something like:
> >
> >>>> redirect_to :back
> >
> >>>> But this is a no-go...
> >
> >>> Why?
> >
> >> Well, for one thing, you don't always have an HTTP_REFERER (if the
> >> user types a URL into the browser for example).
> >
> >> You get this nearly for free with Authlogic anyway. Just modify the
> >> example require_user and associated code to fit your needs.
> >
> >> -Rob
> >
> >> Rob Biedenharn
> >> [email protected] http://AgileConsultingLLC.com/
> >> [email protected] http://GaslightSoftware.com/
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Ruby on Rails: Talk" group.
> > To post to this group, send email to rubyonrails-
> > [email protected].
> > To unsubscribe from this group, send email to
> > [email protected]
> > .
> > For more options, visit this group
> > at http://groups.google.com/group/rubyonrails-talk?hl=en
> > .
>
> Rob Biedenharn
> [email protected] http://AgileConsultingLLC.com/
> [email protected] http://GaslightSoftware.com/
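
An added example, not part of the thread and not Authlogic's own code: a plain-Ruby stand-in for a controller showing the require_user pattern discussed above as a single deny-by-default filter with a list of public actions, plus a stored return path so the post-login redirect does not depend on HTTP_REFERER. The class name, action names and login path are hypothetical.

```ruby
# Plain-Ruby stand-in for a Rails controller (constructed for this example).
# In a real app the same methods would live in ApplicationController and be
# wired up once with: before_filter :require_user, :except => [...]
class GateController
  # Actions an anonymous visitor may use (the try-before-you-buy part).
  # Hypothetical action names.
  PUBLIC_ACTIONS = %w[index show preview].freeze
  LOGIN_PATH = "/user_session/new" # assumed login route

  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  # nil when nobody is logged in.
  def current_user
    session[:user_id]
  end

  # One filter for the whole app: every action is protected unless listed.
  # Returns nil when the action may run, otherwise the path to redirect to.
  def require_user(action, requested_path)
    return nil if current_user || PUBLIC_ACTIONS.include?(action)

    # Remember what was asked for; this replaces redirect_to :back,
    # which needs an HTTP_REFERER that is not always sent.
    session[:return_to] = requested_path
    LOGIN_PATH
  end

  # After login, go to the stored path once, or to the default.
  def redirect_back_or_default(default)
    session.delete(:return_to) || default
  end

  # Simulated successful login; returns the redirect target.
  def log_in(user_id)
    session[:user_id] = user_id
    redirect_back_or_default("/")
  end
end
```

A new action added later is protected unless someone adds it to the public list, so the authentication check stays in one place.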

