Losing session variable with acts_as_authenticated

Hi,

I initially set up acts_as_authenticated to require a user login before
accessing and updating pages on my recipe site. This worked fine with no
problems with the user session.

Now, I have changed the setup so that a few pages are available to the
public, while others that involve create/update/delete actions require a
user that is logged in. So I created a login form as a partial to
include on every single page. The sign in form displays if not logged in;
if the user is logged in it will display a welcome message to the user.

Now I’m encountering problems where my session[:user] variable gets
reset to nil whenever I do a post request. I still have the session, but
I just lose the variable, and find myself having to explicitly send the
user ID as hidden input and re-assign the session[:user] variable. Has
anyone encountered this problem, or have any idea why this would be
happening?

Thanks in advance.

View this message in context:
http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13206124
Sent from the RubyOnRails Users mailing list archive at Nabble.com.

I am using exactly this trick on my http://eq2guild.flame.org/ site,
and have experienced no problems with it.

Can you compare the html code on that opening page with what you have
in yours? I can send you my controller snippet if it will help.

–Michael

Hi Michael,

Thanks for your reply. Our login forms are pretty much the same except
that your form calls on the /account/login action, whereas mine calls on
/recipe (I had put my login action in my application controller so that
it would be accessible to all my controllers).

This is how I generated it in my view: <% form_for :login, login do %>

It works on my /recipe page, but I just recently noticed that I can’t
log in from my other pages.

Aside from that issue, it would be great if I could take a look at your
controller code. To me, it doesn’t really seem like any of my
update/edit actions for recipes explicitly change any session variables
(except when I have to re-assign my session[:user] variable to keep the
user logged in).

Michelle


Wait, you have your login method in all your controllers? May I ask
why? :)

It seems that having one definite action to log one in is a very good
thing. That is, /login or /account/login or /log_me_in should be the
only controller/action with a login method. After all, you don’t log
into a recipe, do you? :)

If you require a user to log in before they do certain operations,
that’s also easily done:

class ToonController < ApplicationController
  before_filter :login_required, :except => [ :list,
                                              :show,
                                              :show_avatar,
                                              :classes,
                                              :tradeskills ]
  # ... actions ...
end

Or, in each method:

def new
  if !logged_in?
    flash[:notice] = 'You cannot create characters without logging in.'
    redirect_to :action => "list"
  else
    @toon = Toon.new
  end
end

My account controller:

class AccountController < ApplicationController
  def login
    return unless request.post?
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      redirect_back_or_default(:controller => 'welcome', :action => 'index')
      flash[:notice] = "Logged in successfully"
    end
  end

  def logout
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default(:controller => 'welcome', :action => 'index')
  end
end

As I mentioned, I’m using a modified acts_as_authenticated plugin.

–Michael

Sorry, what I mean is that I had put my login method inside my
application controller so it’s accessible to the rest of my controllers.
If I leave my login method in the account controller, my other
controllers throw an exception with the error “undefined method login”.

My login and logout methods otherwise look similar to yours (they’re
unmodified from acts_as_authenticated).

This is how I’m rendering the login box in the main layout:

<%= render :partial => 'account/login', :locals => { :current_user => @current_user } %>

_login.rhtml (I just changed it so that login is now back in the account
controller):

<% if flash[:notice] %>
<%= flash[:notice] %>
<% end %>

<% if logged_in? %>
<%= 'Welcome, ' + current_user.first_name + "! » " %>
<%= link_to 'Logout', :controller => 'account', :action => 'logout' %>
<% else %>
<% form_tag "/account/login", :method => "post" do %>

Login
<%= text_field_tag 'login', login %>

Password
<%= password_field_tag 'password' %>

Remember me: <%= check_box_tag 'remember_me' %>

<%= submit_tag 'Log in' %>

<% end %>
<% end %>


On 10/16/07, miss_michelle [email protected] wrote:

> Sorry, what I mean is that I had put my login method inside my application
> controller so it’s accessible to the rest of my controllers. If I leave my
> login method in the account controller, my other controllers throw an
> exception with the error “undefined method login”.

You should never have “login” run via the path /recipe/login, or
/book/login, etc. probably – you always want /account/login – so
login should be in account_controller.rb only. If you put it in
app/controllers/application.rb, I believe it can be accessed via
/recipe/login, etc.

If you need to refer to it inside a different controller, you can
always redirect to the login page:

redirect_to :controller => :account, :action => :login

> This is how I’m rendering the login box in the main layout:

What you did looks basically the same as mine…

Here’s my app/views/account/login.rhtml file:

<% form_tag do -%>

Login
<%= text_field_tag 'login' %>

Password
<%= password_field_tag 'password' %>

<%= submit_tag 'Log in' %>

<% end -%>

This renders to:

Login

Password

I’m wondering why your login form is in a login.rhtml rather than a
partial named _login.rhtml? When I try the <% form_tag do -%> it renders
the action to go to the page that I’m currently on, e.g. /recipe/list.

Basically, I’m trying to get the layout to be just like yours: login
form included onto each page as a partial. But when I put the login
method back into the application, my recipe controller is complaining
about an undefined login method. Incidentally, trying to access the path
/recipe/login results in an error because I have no layout page for
that.


It turns out that I had been requiring the login method in a
before_filter, which is why my application was breaking when I moved the
login method back to the account controller. It works now… I’m able to
log in from different pages, and it also fixed my session problem :)

Thanks so much for your help!


My bad. I have two login forms actually – that one is displayed when
the user goes to /admin/login specifically.

Here is the one I put in my sidebars, which appears on every page
unless the user is logged in. And no I don’t have this in a partial
either, but I probably should…

<% form_tag(:controller => "account", :action => "login") do %>

Username
<%= text_field_tag(:login, params[:login], :size => 12, :class => "lfield") %>

Password
<%= password_field_tag(:password, params[:password], :size => 12, :class => "lfield") %>

<%= submit_tag "Log In", :class => "submit_button" %>

<% end %>

This renders into:

Username

Password
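
The before_filter problem resolved earlier in this thread, as an added example that is not any poster's code: a plain-Ruby model (no Rails) of why running a login action shaped like the one posted above as a before filter clears session[:user] on every POST, while a read-only login_required guard leaves it intact. FakeController, USERS, authenticate and session_after_update are hypothetical names, and the assumption is that the filter ran the login action itself.

```ruby
# Constructed sample data: one known user.
USERS = { "michelle" => { :id => 7, :password => "s3cret" } }

# Stand-in for User.authenticate: returns the user or nil.
def authenticate(login, password)
  user = USERS[login]
  user && user[:password] == password ? user : nil
end

# Hypothetical controller model with a single before filter.
class FakeController
  def initialize(filter, session)
    @filter = filter
    @session = session
  end

  # Shaped like the login action in the thread: does nothing on GET,
  # but on POST it always overwrites the session with the result of
  # authenticate, which is nil when the form carries no credentials.
  def login(method, params)
    return true unless method == :post
    user = authenticate(params[:login], params[:password])
    @session[:user] = user ? user[:id] : nil
    true
  end

  # The guard intended for before_filter: only reads the session.
  def login_required(_method, _params)
    !@session[:user].nil?
  end

  # Run the filter, then the "update" action if the filter allows it.
  def process(method, params)
    return :denied unless send(@filter, method, params)
    :updated
  end
end

# POST a recipe update (no login/password fields) with the given filter
# and report the action result plus what is left in session[:user].
def session_after_update(filter, user_id = 7)
  session = { :user => user_id }
  controller = FakeController.new(filter, session)
  result = controller.process(:post, { :title => "Soup" })
  [result, session[:user]]
end
```

With :login as the filter the update still runs but the user is silently logged out afterwards; with :login_required the session is untouched and an anonymous POST is refused.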