I am using a fairly standard authentication in my app (user model,
before_filter in application_controller). This authentication is taken
almost entirely from the 3rd ed. of the agile web dev w/ rails. A few
questions about all that -
I’m still in dev environment, but I noticed that I’m not being logged
out between sessions. I even restarted my machine and pointed my browser
to a page, and wasn’t taken to the login page first. Only if I
explicitly invoke the logout action does it actually log me out. How do
I force a logout between sessions? I tried clearing the sessions table
(rake db:sessions:clear) but that didn’t do it.
what’s a good way to implement automatic logout after some
I have many users and need to manage different permission levels.
Some users should be able to see and edit a certain page, others need to
view only, and some shouldn’t be able to access certain pages. What
would be a good way to manage that? I thought about creating a page
model and controller, and then using some joined table page_users or
something that keeps the user_id, page_id and the different boolean
permissions (can_view, can_edit, etc…). Then I’d probably need to add a
before_filter in each controller/action…
I’m quite new to rails, so I’d love to hear any better or more efficient
ideas - thanks.