Restful authentication (routes, resources etc)


#1

Can anyone explain how restful authentication works? I have the plugin
working to an extent. The only thing I can’t do is logout.

I’m assuming there are additional steps involved with adding methods to
the
users and sessions controllers due to the REST part.

Anyone?


#2

The way I understand the implementation of restful authentication, the
act of “logging out” is to destroy (think CRUD) a Session resource.

DELETE: http://example.com/sessions/:id


#3

That’s how I understand the plugin as well. But shouldn’t certain
methods
fall back to general POST/GET request methods as well?

I must be missing something, because I can’t specify the request method
in
an url. Can I? So, for instance to logout, link_to(‘Logout’,
:controller
=>‘sessions’, :action => ‘destroy’), should allow a user to logout.
Even if
I could, it’s not supported by most web servers so there has to be a
workaround.

Does anyone know of any documentation on this plugin?

John


#4

John,

I took a closer look at this and found that what you need is already
built into resful authentication.

Take a look at this link:
<%= link_to “Logout”, session_path(session), :method => :delete %>

And the route.rb:

Restful Authenticate routes

map.resources :users, :sessions

So you get the session_path(session) for free!


#5

On 5/24/07, John L. removed_email_address@domain.invalid wrote:

That’s how I understand the plugin as well. But shouldn’t certain methods
fall back to general POST/GET request methods as well?

I must be missing something, because I can’t specify the request method in
an url. Can I? So, for instance to logout, link_to(‘Logout’, :controller
=>‘sessions’, :action => ‘destroy’), should allow a user to logout. Even if
I could, it’s not supported by most web servers so there has to be a
workaround.

You can just create a route for it if you want.

map.connect ‘logout’, :controller => ‘sessions’, :action => ‘destroy’


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com