Forum: Ruby on Rails authentication and session variables

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Nicholas W. (Guest)
on 2006-02-14 03:26
(Received via mailing list)
Hi *,
I'm looking at typo authentication, and was asking myself if it's
correct to put in a session variable a user object which has_many
posts ...
Just because I'm rolling my own authentication system and want to
know what's the best way to handle this issue (other than using a
generator or a plugin, which I'd prefer not to use).

--
Nicholas W.
removed_email_address@domain.invalid








___________________________________
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
http://mail.yahoo.it
Kris L. (Guest)
on 2006-02-14 12:28
Its best to have a look at the code for Login Engine or
Acts_as_authenticated for an idea of how to do it.

Generally you either store the whole User object in the session or just
the user_id and do a find every time to get the user object.

Storing the User in the model will not include the assosiations
(has_many etc).

Something like: (pseudo code)

*Login Controller*
def login
  @session[:user] = User.authenticate(username, password)
  if @session[:user]
  # success
  else
  # failed
  end
end

*User Model*
def self.autherticate(username, password)
  @user = User.find(username)
  if not @user
    return nil
  end
  # other checks inc. password
  # return nil as failure
end


Hope that helps, Kris.


Nicholas W. wrote:
> Hi *,
> I'm looking at typo authentication, and was asking myself if it's
> correct to put in a session variable a user object which has_many
> posts ...
> Just because I'm rolling my own authentication system and want to
> know what's the best way to handle this issue (other than using a
> generator or a plugin, which I'd prefer not to use).
>
> --
> Nicholas W.
> removed_email_address@domain.invalid
>
>
>
>
>
>
>
>
> ___________________________________
> Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
> http://mail.yahoo.it
This topic is locked and can not be replied to.