Memcached and Joe Hosteny's Salted Hash Login Generator


#1

Hey,

so - I’ve been fiddling about and fell in to use Joe’s simple-yet-
painful SHLG (I shouldn’t complain… not at least I have time to
produce one :)). I just recently plugged in memcache, and- it’s not
preserving my login.

I traced the execution and it sets the output of User.authenticate (a
user AR object) into @session[‘user’] correctly - so login works. My
next breakpoint is in user_system.rb where it is checking
authentication - via a before_filter. At this point, @session[‘user’]
is empty - and @session.session_id has changed.

Any idea why my session_ids are not being preserved?

more info available on request…

– james

James Cox,
e: removed_email_address@domain.invalid w: http://www.imajes.info/


#2

On Mar 7, 2006, at 1:51 AM, James Cox wrote:

checking authentication - via a before_filter. At this point,
e: removed_email_address@domain.invalid w: http://www.imajes.info/
James-

I just dealt with the exact same problem with the salted hash login.

You could log in fine with the user/login method but when it
redirected you to a protected page it would fail. So I put
logger.debug session.inspect ion the user/login method and in the
user_system/login_required method that gets used in the before
filter. The first session right after login printed to the log fine.
But by the time it made it into the other logger message the session
was empty.

Its not clear whether or not you are using mem-cached for session

storage or for cached-model? But this following line is what was
messing my app up:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
( :session_domain => ‘.localhost.com’)

You need to put that in your environment.rb. And make sure it is set

to the correct domain that you are testing your app on. It might be
different for memcached sessions but the same thing applies. Afetr
fixing this the problem went away.

Cheers-
Ezra


#3

Ezra Z. wrote:

On Mar 7, 2006, at 1:51 AM, James Cox wrote:

checking authentication - via a before_filter. At this point,
e: removed_email_address@domain.invalid w: http://www.imajes.info/
James-

I just dealt with the exact same problem with the salted hash login.
You could log in fine with the user/login method but when it
redirected you to a protected page it would fail. So I put
logger.debug session.inspect ion the user/login method and in the
user_system/login_required method that gets used in the before
filter. The first session right after login printed to the log fine.
But by the time it made it into the other logger message the session
was empty.

Its not clear whether or not you are using mem-cached for session
storage or for cached-model? But this following line is what was
messing my app up:

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
( :session_domain => ‘.localhost.com’)

You need to put that in your environment.rb. And make sure it is set
to the correct domain that you are testing your app on. It might be
different for memcached sessions but the same thing applies. Afetr
fixing this the problem went away.

Cheers-
Ezra

Ezra -

thanks. of course. it requires a valid domain for the session it can
match… duh!