Showing error (gsub) when switching from session to cookies

Gurdipe_D · April 25, 2012, 9:34am

I am newbie to rail. Trying to develop social networking site so working
with railspace application. Everything is working fine but I stuck in
the problem when i am giving the authorization tocken to the user to
remember him/her.

My Error and controller code is below

Error:-
private method `gsub’ called for 4:Fixnum

C:/Users/Amir/Downloads/IR/ruby/lib/ruby/1.8/cgi.rb:342:in escape' C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cgi_ext/cookie.rb:73:into_s’
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cgi_ext/cookie.rb:73:in
collect' C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cgi_ext/cookie.rb:73:into_s’
C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cookies.rb:80:in
set_cookie' C:/Users/Amir/Downloads/IR/ruby/lib/ruby/gems/1.8/gems/actionpack-2.0.2/lib/action_controller/cookies.rb:65:in[]=’
app/controllers/user_controller.rb:27:in `login’

user_controller

if request.get?
@user = User.new(:remember_me => cookies[:remember_me] || “0”)
elsif param_posted?(:user)
@user = User.new(params[:user])
user = User.find_by_screen_name_and_password(@user.screen_name,
@user.password)
if user
user.login!(session)
if @user.remember_me == “1”
cookies[:remember_me] = { :value => “1”,
:expires => 10.years.from_now }
user.authorization_token = user.id
user.save!
cookies[:authorization_token] = {
:value => user.authorization_token,
:expires => 10.years.from_now }
else
cookies.delete(:remember_me)
cookies.delete(:authorization_token)
end
flash[:notice] = “User #{user.screen_name} logged in!”
redirect_to_forwarding_url
else
@user.clear_password!
flash[:notice] = “Invalid screen name/password combination”
end
end
end

Please do the needful. I don’t have much time, I need to deliver this
project in my college.

Thanks
Amir

amir_z · April 25, 2012, 11:06am

Can you pls provide your controller with line number?

amir_z · April 25, 2012, 12:15pm

Please find my login code below.

def login
if request.get?
@user = User.new(:remember_me => cookies[:remember_me] || “0”)
elsif param_posted?(:user)
@user = User.new(params[:user])
user = User.find_by_screen_name_and_password(@user.screen_name,
@user.password)
if user
user.login!(session)
if @user.remember_me == “1”
cookies[:remember_me] = { :value => “1”,
:expires => 10.years.from_now }
user.authorization_token = user.id
user.save!
cookies[:authorization_token] = { (line no. 27)
:value => user.authorization_token, (line no. 28)
:expires => 10.years.from_now } (line no. 29)
else
cookies.delete(:remember_me)
cookies.delete(:authorization_token)
end
flash[:notice] = “User #{user.screen_name} logged in!”
redirect_to_forwarding_url
else
@user.clear_password!
flash[:notice] = “Invalid screen name/password combination”
end
end
end

amir_z · April 25, 2012, 12:27pm

On 25 April 2012 11:15, Amir Z. [email protected] wrote:

user.login!(session)
if @user.remember_me == “1”
cookies[:remember_me] = { :value => “1”,
:expires => 10.years.from_now }
user.authorization_token = user.id
user.save!
cookies[:authorization_token] = { (line no. 27)
:value => user.authorization_token, (line no. 28)
:expires => 10.years.from_now } (line no. 29)

What is the path and file name that code is in? Check very carefully
that you post the correct name, do not just type what you /think/ it
is.

Colin

amir_z · April 25, 2012, 12:53pm

On Apr 25, 5:15am, “Amir Z.” [email protected] wrote:

Please find my login code below.

cookies[:authorization_token] = { (line no. 27)
:value => user.authorization_token, (line no. 28)
:expires => 10.years.from_now } (line no. 29)

Cookie values should be strings, not integers. Also since you’ve set
authoization_token to just be the user id, this allows any user to log
into as any other user just be modifying the value of this cookie and
guessing a user_id

Fred

amir_z · April 25, 2012, 12:59pm

On 25 April 2012 11:52, Frederick C. [email protected]
wrote:

Cookie values should be strings, not integers. Also since you’ve set
authoization_token to just be the user id, this allows any user to log
into as any other user just be modifying the value of this cookie and
guessing a user_id

Why is it I only know the answers to the easy questions I wonder.

Colin

amir_z · April 25, 2012, 2:33pm

On 25 April 2012 13:22, Amir Z. [email protected] wrote:

Problem Solved

Thanks Colin

Ok, even though I only manage to answer the easy questions I get the
credit for the more difficult ones. Excellent

You might like to thank Fred too since it was he that provided the
answer.

Colin

amir_z · April 25, 2012, 2:22pm

I got the point.

Thank you so much Colin.

Now code is working fine. Problem was that I was not using the hashing
algorithm for authorization_token. It was taking the user.id as an
authorization_token.

As I apply the hashing algorithm to it. Hashing generates authorization
token as a string.

Problem Solved

Thanks Colin

Have a colorful day.

Regards
Amir

amir_z · April 25, 2012, 3:04pm

Thank you Fred.

Excellent work.

Your ideas my effort makes the code workable

Hope I will get the help in further problems as I am new to rails.

Thanks

Amir