Its best to have a look at the code for Login Engine or
Acts_as_authenticated for an idea of how to do it.
Generally you either store the whole User object in the session or just
the user_id and do a find every time to get the user object.
Storing the User in the model will not include the assosiations
Something like: (pseudo code)
@session[:user] = User.authenticate(username, password)
def self.autherticate(username, password)
@user = User.find(username)
if not @user
other checks inc. password
return nil as failure
Hope that helps, Kris.
Nicholas W. wrote:
I’m looking at typo authentication, and was asking myself if it’s
correct to put in a session variable a user object which has_many
Just because I’m rolling my own authentication system and want to
know what’s the best way to handle this issue (other than using a
generator or a plugin, which I’d prefer not to use).
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB