Extensions and sessions


#1

I’m creating a Radiant extensions to secure some pages in a website,
preventing it from opening without a valid login. To achieve this, I
added a before filter to the site controller and created a special
LoginPage type. If a user is not logged in and tries to enter a
secured page, it will be redirected to a page of type LoginPage and
prompted for an e-mailaddress and password. So far, so good.

The next step is to store the login information in the session, but
it seems that sessions won’t work. This is my code:

class LoginPage < Page

description %{
A login screen for secure pages
}

attr_reader :login_error

@login_error = false

def process(request, response)
debugger
if request.post?
# If the login is successfull, set the session and redirect to
the return_url or homepage
if response.session[:website_user_id] =
WebsiteUser.authenticate(request.parameters[:login][:email],
request.parameters[:login][:password])
response.redirect request.session[:return_url] || ‘/’
else
@login_error = true
super(request, response)
end
else
super(request, response)
end
end

def cache?
false
end

… Some special login tags …

end

As you can see, it should store the website_user_id inside the
response.session. Unfortunately this doesn’t work.

I enabled session support for the SiteController and tried storing
other information in the session from several places in the code.
Even from a normal action inside the SiteController, sessions won’t
get stored. The weird thing is, that sessions do work once I try to
login at the backend, but the session information from the backend is
again not available in the frontend.

I looked through all the Radiant code, disabled some parts (like the
LoginSystem), but can’t find any cause of the weird session
behaviour. What am I doing wrong?

The full code of my extension can be found at Google Code: http://
code.google.com/p/secure-pages/

Regards,

Edwin Vlieg


#2

Edwin V. wrote:

The next step is to store the login information in the session, but
it seems that sessions won’t work.

The full code of my extension can be found at Google Code: http://
code.google.com/p/secure-pages/

I’m running from the 0.6.2 gem and doing something similar (see
http://www.ruby-forum.com/topic/115871) but as of right now I’m just
using a simple module with some tags, hoping to switch to using a
dedicated page type like you are doing.

Thanks to your secure_pages_extension.rb file, this is now working for
me:

def activate
Page.class_eval { include MemberLogin }
SiteController.class_eval { session :disabled => false }
end

Previously I was doing the following, which would not work:

SiteController.class_eval { session :on }

Are your issues because of your environment config? My file has the
following set:

config.cache_classes = true
config.action_controller.consider_all_requests_local = true
config.action_controller.perform_caching = false
ResponseCache.defaults[:perform_caching] = false

Maybe your non-logged-in pages are cached, so you aren’t seeing the
logged-in versions? This is probably incorrect, as you seem to be having
trouble saving/reading sessions in general, but its worth mentioning I
guess.