A browser sends a request (/main/index) so ROR creates an instance of
main_controller and invokes the index action on it. main_controller has
"audit" as a before_filter. "audit" is called first before
"index". So far so good.
def audit() does this:
    # the login_controller handles the login page and
    # knows whether or not there's a valid login by
    # inspecting the session param in a certain way
    # which it encapsulates.
    #
    # remember: audit is a method inside main_controller
    c = AuthenticationController.new
    if c.valid_user == true  # if there's a valid login
      # . . .
    end
The problem: when c.valid_user (that is LoginController.valid_user via
the 'c' object) attempts to read from its @session param it is nil.
Conclusion: AuthenticationController.new creates a new controller but
its @session param is nil.
Implication: During the normal course of routing action calls, the ROR
framework creates your controller on your behalf via its class method
.new and, at a later time, also sets the session variable for you.
The design goal here is simple: delegation: I can have exactly one
class encapsulate all the authentication stuff. However my design is
broken because of the unexpected problem of not accessing the @session