LoginEngine, Sessions and users

Hi,

From what I understand, the general consensus is that you shouldn’t
store objects in the session, because your object references may
become stale.

The LoginEngine seems to use session[:user] frequently instead of
using something like session[:user_id].

How should the user be identified in the session? Is LoginEngine
doing it according to the current best practices? Is it doing some
magic under the covers to automatically populate the session with the
current user object by the time the controller method is invoked?

Thanks,
Brad

I’m not sure if this actually answers your questions (or how accurate
this is :( – I’m still very much grappling with all this!), so someone
else may come along and correct this :). But this is what I think I’ve
figured out:

Bradley M. wrote:

> The LoginEngine seems to use session[:user] frequently instead of
> using something like session[:user_id].

session[:user] is the array which holds all of the current user's
session data

session[:user].id, by extension, is one particular element in that
array

session[:user_id] does not appear to be a valid reference.

> How should the user be identified in the session? Is LoginEngine
> doing it according to the current best practices? Is it doing some
> magic under the covers to automatically populate the session with the
> current user object by the time the controller method is invoked?

LoginEngine provides ‘current_user’ which is a helper method available
to all views, which returns the current user from the session. So, for
instance, in my application.rhtml, I print the current user’s login
(session[:user].login) with <%= current_user.login %>. I don’t know
whether this method represents “current best practices” or not.

Beyond that, @fullname is a variable defined by the home method in the
user controller (is there any shorthand for referring to X method in Y
controller?), which just concatenates current_user.firstname and
current_user.lastname . You can see this used in the default home.rhtml.

AFAIK, that’s all the magic going on which pertains to accessing session
data, at least for use in views. But I haven’t yet read through all of
the available methods listed on
http://api.rails-engines.org/login_engine/, and I’ve really just skimmed
the code.

Gwen
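
Added example, not part of the thread and not LoginEngine code: a plain-Ruby sketch of the stale-object concern raised in the first post, comparing a session that holds the whole user object with one that holds only the id. `User`, `fresh_db`, `store`, `restore` and both `current_user_*` helpers are hypothetical names, and `Marshal` stands in (as an assumption) for whatever serialization the session store uses.

```ruby
# Hypothetical stand-ins; nothing here is LoginEngine's own API.
User = Struct.new(:id, :login, :role)

# Constructed sample "database": id => record.
def fresh_db
  { 1 => User.new(1, "brad", "admin") }
end

# A session store persists a serialized copy of the session hash, so an
# object placed in it is a snapshot taken at login, not a live reference.
def store(session)
  Marshal.dump(session)
end

def restore(blob)
  Marshal.load(blob) # server-side data only; never unmarshal client input
end

# Pattern 1: the whole user object lives in the session.
def current_user_from_object(session)
  session[:user]
end

# Pattern 2: only the id lives in the session; the record is looked up on
# every request, so role changes and deletions take effect immediately.
def current_user_from_id(session, db)
  id = session[:user_id]
  id && db[id]
end

def demo
  db = fresh_db
  object_session = store({ user: db[1] })   # login, pattern 1
  id_session     = store({ user_id: 1 })    # login, pattern 2

  db[1].role = "member"                     # account demoted after login
  result = {
    object_role: current_user_from_object(restore(object_session)).role,
    id_role:     current_user_from_id(restore(id_session), db).role
  }

  db.delete(1)                              # account removed after login
  result[:object_after_delete] = current_user_from_object(restore(object_session)).login
  result[:id_after_delete]     = current_user_from_id(restore(id_session), db)
  result
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the object in the session, the demoted and then deleted account still appears as an admin named "brad"; with the id, the demotion is visible on the next request and the deleted account resolves to `nil`, which the application must treat as logged out.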