I’m creating a Radiant extensions to secure some pages in a website,
preventing it from opening without a valid login. To achieve this, I
added a before filter to the site controller and created a special
LoginPage type. If a user is not logged in and tries to enter a
secured page, it will be redirected to a page of type LoginPage and
prompted for an e-mailaddress and password. So far, so good.
The next step is to store the login information in the session, but
it seems that sessions won’t work. This is my code:
class LoginPage < Page
description %{
A login screen for secure pages
}
attr_reader :login_error
@login_error = false
def process(request, response)
debugger
if request.post?
# If the login is successfull, set the session and redirect to
the return_url or homepage
if response.session[:website_user_id] =
WebsiteUser.authenticate(request.parameters[:login][:email],
request.parameters[:login][:password])
response.redirect request.session[:return_url] || ‘/’
else
@login_error = true
super(request, response)
end
else
super(request, response)
end
end
def cache?
false
end
… Some special login tags …
end
As you can see, it should store the website_user_id inside the
response.session. Unfortunately this doesn’t work.
I enabled session support for the SiteController and tried storing
other information in the session from several places in the code.
Even from a normal action inside the SiteController, sessions won’t
get stored. The weird thing is, that sessions do work once I try to
login at the backend, but the session information from the backend is
again not available in the frontend.
I looked through all the Radiant code, disabled some parts (like the
LoginSystem), but can’t find any cause of the weird session
behaviour. What am I doing wrong?
The full code of my extension can be found at Google Code: http://
code.google.com/p/secure-pages/
Regards,
Edwin Vlieg