Authentication and session variables


#1

Hi *,
I’m looking at Typo authentication, and was asking myself if it’s
correct to put in a session variable a user object which has_many
posts …
Just because I’m rolling my own authentication system and want to
know what’s the best way to handle this issue (other than using a
generator or a plugin, which I’d prefer not to use).


Nicholas W.
removed_email_address@domain.invalid




#2

It’s best to have a look at the code for Login Engine or
Acts_as_authenticated for an idea of how to do it.

Generally you either store the whole User object in the session or just
the user_id and do a find every time to get the user object.

Storing the User in the model will not include the associations
(has_many etc).

Something like: (pseudo code)

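Login Controller

def login
  # username and password come from the submitted login form
  @session[:user] = User.authenticate(username, password)
  if @session[:user]
    # success
  else
    # failed
  end
end

User Model

def self.authenticate(username, password)
  # find expects an id and raises when nothing matches;
  # find_by_username (assumes a username column) returns nil instead
  user = User.find_by_username(username)
  return nil unless user

  # other checks inc. password
  # return nil as failure

  user # reached only once every check above has passed
end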

Hope that helps, Kris.

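A plain-Ruby comparison of the two options described in the reply above (whole User object in the session versus only the user_id), added here as an example and not code from either poster or from Rails. `User`, `USERS`, the digest string and the helper names are constructed stand-ins; a Hash plays the session, `Marshal` plays the session store, and posts are modelled as an array already loaded on the object.

```ruby
# Constructed stand-ins for the User model and its table; not Rails code.
User = Struct.new(:id, :username, :password_digest, :active, :posts)
USERS = {
  1 => User.new(1, "nicholas", "constructed-digest-value", true,
                ["first post", "second post"])
}

# Option A from the thread: keep the whole object in the session.
def login_with_object(session, user)
  session.clear               # stand-in for Rails' reset_session at login
  session[:user] = user
end

# Option B from the thread: keep only the id, find the user on every request.
def login_with_id(session, user)
  session.clear
  session[:user_id] = user.id
end

def current_user(session)
  return session[:user] if session.key?(:user)  # option A: cached copy
  user = USERS[session[:user_id]]               # option B: fresh lookup
  user if user && user.active
end

# What a session store would persist for this session.
def stored_bytes(session)
  Marshal.dump(session)
end

# Runs both options through an account deactivation and reports the outcome.
def compare
  USERS[1].active = true
  a, b = {}, {}
  login_with_object(a, USERS[1])
  login_with_id(b, USERS[1])
  a = Marshal.load(stored_bytes(a))   # round-trip, as between two requests
  b = Marshal.load(stored_bytes(b))
  USERS[1].active = false             # account is disabled after login
  { digest_in_session_a: stored_bytes(a).include?("constructed-digest-value"),
    digest_in_session_b: stored_bytes(b).include?("constructed-digest-value"),
    a_still_logged_in: !current_user(a).nil?,
    b_still_logged_in: !current_user(b).nil? }
end
```

With the whole object stored, the session data carries the password digest and the copy keeps working after the account is disabled; with only the id stored, neither happens.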