Forum: Ruby on Rails restful authentication (routes, resources etc)

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
John L. (Guest)
on 2007-05-24 23:12
(Received via mailing list)
Can anyone explain how restful authentication works?  I have the plugin
working to an extent.  The only thing I can't do is logout.

I'm assuming there are additional steps involved with adding methods to
the
users and sessions controllers due to the REST part.

Anyone?
Robert W. (Guest)
on 2007-05-24 23:20
(Received via mailing list)
The way I understand the implementation of restful authentication, the
act of "logging out" is to destroy (think CRUD) a Session resource.

DELETE:  http://example.com/sessions/:id
John L. (Guest)
on 2007-05-24 23:46
(Received via mailing list)
That's how I understand the plugin as well.  But shouldn't certain
methods
fall back to general POST/GET request methods as well?

I must be missing something, because I can't specify the request method
in
an url.  Can I?  So, for instance to logout, link_to('Logout',
:controller
=>'sessions', :action => 'destroy'), should allow a user to logout.
Even if
I could, it's not supported by most web servers so there has to be a
workaround.

Does anyone know of any documentation on this plugin?

John
Rick O. (Guest)
on 2007-05-25 00:01
(Received via mailing list)
On 5/24/07, John L. <removed_email_address@domain.invalid> wrote:
> That's how I understand the plugin as well.  But shouldn't certain methods
> fall back to general POST/GET request methods as well?
>
> I must be missing something, because I can't specify the request method in
> an url.  Can I?  So, for instance to logout, link_to('Logout', :controller
> =>'sessions', :action => 'destroy'), should allow a user to logout.  Even if
> I could, it's not supported by most web servers so there has to be a
> workaround.

You can just create a route for it if you want.

map.connect 'logout', :controller => 'sessions', :action => 'destroy'

--
Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Robert W. (Guest)
on 2007-05-25 03:39
(Received via mailing list)
John,

I took a closer look at this and found that what you need is already
built into resful authentication.

Take a look at this link:
<%= link_to "Logout", session_path(session), :method => :delete %>

And the route.rb:
  # Restful Authenticate routes
  map.resources :users, :sessions

So you get the session_path(session) for free!
This topic is locked and can not be replied to.