Forum: Ruby on Rails Remember Me login capability

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Shandy N. (Guest)
on 2008-12-12 21:46
I have a two part question.

First just wondering if anyone out there has any good Remember Me login
coding example or tutorials? I found one that is a couple years old and
it seems like if should work for a rails 2.0 application but I won't
know until I try.

Second, the code example that I did find and am intergrating has a
couple lines that are just confusing. In this example the user logins
and if the remember me check box is checked this bit of code is
executed:

# Controller code for login
@session[:user].remember_me
cookies[:auth_token] = { :value => @session[:user].remember_token ,
:expires =>
  @session[:user].remember_token_expires }

Then, theoretically you close down the browser and the next time you
open it and navigate to my website you should be automatically logged
in.

The issue that I have - and I think this is because I am not
understanding the ruby code - is, in the remember_me method of the User
model I have this bit of code:

self.remember_token = Digest::SHA1.hexdigest("#{salt}--#{self.email}--#
  {self.remember_token_expires}")

and this bit of code in the ApplicationController

user = User.find_by_remember_token(cookies[:auth_token])

When I save the value for the remember_token I don't see how I am going
to be able to find that value in the database with the
find_by_remember_token because of the odd syntax used in the hexdigest
method.

If the cookie has has a :value => '...' and a :expires => '...', how is
the find_by_remember_token going to work when the remember_token is
encrypted by saying
"#{salt}--#{self.email}--#{self.remember_token_expires}"? It just
doesn't seem to me that the encrypted info and the cookie would be the
same in the end and that I would therefore not be able to find anything
by the User.find_by_remember_token.

Not sure if this makes sense, I just didn't want to get to far into this
project without fully understanding what is going on. Thanks,

-S
Shockmeister (Guest)
on 2008-12-13 00:00
(Received via mailing list)
Theres a good example of the code you're looking for on the Railsspace
site. The URL is : http://www.railsspace.com/book/chapter7

On Dec 12, 7:46 pm, Shandy N. <removed_email_address@domain.invalid>
Robert W. (Guest)
on 2008-12-13 00:41
Shockmeister wrote:
> Theres a good example of the code you're looking for on the Railsspace
> site. The URL is : http://www.railsspace.com/book/chapter7
>
> On Dec 12, 7:46�pm, Shandy N. <removed_email_address@domain.invalid>
I'm pretty sure that
"restful_authentication":http://github.com/technoweenie/restful-authentication/tree
has that feature as well. You might look to see how it implements it.
This topic is locked and can not be replied to.