User successfully authenticates but is not logged in as current_user in session?

Hey all,

When someone is on my login page, I have this:

<% form_for :user, :url => { :action => "login" } do |f| %>
  <%= f.label(:user_email, "User Email") %>
  <%= f.text_field(:email) %>

  <%= f.label(:user_password, "User Password") %>
  <%= f.password_field(:password) %>

  <%= f.submit("Login") %>

  <%= link_to 'Register', :action => 'signup' %> |
  <%= link_to 'Forgot my password', :action => 'forgot_password' %>
<% end %>

<%= flash_helper %>

Note that the flash_helper call above invokes this method in the
ApplicationHelper module:

def flash_helper
  f_names = [:notice, :warning, :message]
  fl = ''

  for name in f_names
    if flash[name]
      fl = fl + "<div class=\"notice\">#{flash[name]}</div>"
    end
    flash[name] = nil
  end
  return fl
end

During a POST request to the server, I call the authenticate class method on
the User class, passing in two parameters, an email string and a password:

def login
  if request.post?
    if session[:user] = User.authenticate(params[:user][:email],
                                          params[:user][:password])
      flash[:message] = "Login successful"
      redirect_to :root
    else
      flash[:warning] = "Login unsuccessful"
    end
  end
end

authenticate is executed:

def self.authenticate(email, pass)
  u = find(:first, :conditions => ["email = ?", email])
  return nil if u.nil?
  return u if User.encrypt(pass, u.password_salt) == u.encrypted_password
  nil
end

It does some SQL, finds the user, and then if it finds a matching email
address we call encrypt:

def self.encrypt(pass, salt)
  Digest::SHA2.hexdigest(pass + salt)
end

which basically checks whether the hash of the password and salt matches
the value stored in the encrypted_password field of the users table for that record.

So everything works and the user is returned to the home page. (Note that I also
tested a wrong password and the system correctly gave the flash error.)

But here's the problem. When returned to the home page, the user still does
not become the current user!

Because I have this in my home page:

<% if current_user %>
  <%= link_to "Logout", logout_path %>
<% else %>
  <%= link_to "Create Account", signup_path %>
  <%= link_to "Login", login_path %>
<% end %>

And it continues to show me the login link rather than logout, meaning
the system has not captured the record that just signed in as the
current_user. I am not sure why?

I have this in application controller:

def current_user
  @current_user ||= session[:user_id] && User.find(session[:user_id])
end

So I presume that when the login process occurs the user id is stored in the
session and assigned to current_user. But apparently it's not, because
when signing in the `if current_user` block returns false and it triggers
the else branch instead.

Thanks for any response.

On Feb 25, 7:51pm, John M. [email protected] wrote:

def login
  if request.post?
    if session[:user] = User.authenticate(params[:user][:email],

This is storing stuff in session[:user]

def current_user
  @current_user ||= session[:user_id] && User.find(session[:user_id])
end

and this is checking session[:user_id]. Furthermore one appears to be
storing an actual user object whereas your other piece of code seems
to be expecting there to be just an id.

Fred
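To make the mismatch Fred points out concrete, here is an added, self-contained Ruby sketch (not code from the thread or from Rails): a constructed in-memory `User` stand-in for the ActiveRecord model, a hash standing in for the session, the `current_user` lookup as posted, and the posted `login` assignment beside a corrected one that stores only `user.id` under `session[:user_id]`.

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-in for the User model on the page (no database).
class User
  attr_reader :id, :email, :password_salt, :encrypted_password
  @@users = []

  def initialize(id, email, pass)
    @id, @email = id, email
    @password_salt = SecureRandom.hex(8)
    @encrypted_password = User.encrypt(pass, @password_salt)
    @@users << self
  end

  def self.encrypt(pass, salt)
    Digest::SHA2.hexdigest(pass + salt)
  end

  def self.find(id)
    @@users.find { |u| u.id == id } or raise "record not found: #{id}"
  end

  def self.authenticate(email, pass)
    u = @@users.find { |x| x.email == email }
    return nil if u.nil?
    User.encrypt(pass, u.password_salt) == u.encrypted_password ? u : nil
  end
end

# The controller's lookup as posted: it reads session[:user_id] only.
def current_user(session)
  session[:user_id] && User.find(session[:user_id])
end

# Posted version: stores the whole User object under a different key,
# so current_user never sees it.
def login_as_posted(session, email, pass)
  !!(session[:user] = User.authenticate(email, pass))
end

# Corrected version: stores only the integer id under the key
# current_user reads; the record is re-fetched on each request.
def login_fixed(session, email, pass)
  u = User.authenticate(email, pass)
  return false if u.nil?
  session[:user_id] = u.id
  true
end
```

Keeping only the id in the session also avoids serialising a stale model (with its salt and password hash) into a cookie-backed session store.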

You’re right! Thanks.