Forum: Ruby on Rails restful authentication (routes, resources etc)

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
7753e83404f3e23723dee2d875b0c3a0?d=identicon&s=25 John Lauck (Guest)
on 2007-05-24 21:12
(Received via mailing list)
Can anyone explain how restful authentication works?  I have the plugin
working to an extent.  The only thing I can't do is logout.

I'm assuming there are additional steps involved with adding methods to
the
users and sessions controllers due to the REST part.

Anyone?
21f7ed21f11a809050594c82eab11d67?d=identicon&s=25 Robert Walker (Guest)
on 2007-05-24 21:20
(Received via mailing list)
The way I understand the implementation of restful authentication, the
act of "logging out" is to destroy (think CRUD) a Session resource.

DELETE:  http://example.com/sessions/:id
7753e83404f3e23723dee2d875b0c3a0?d=identicon&s=25 John Lauck (Guest)
on 2007-05-24 21:46
(Received via mailing list)
That's how I understand the plugin as well.  But shouldn't certain
methods
fall back to general POST/GET request methods as well?

I must be missing something, because I can't specify the request method
in
an url.  Can I?  So, for instance to logout, link_to('Logout',
:controller
=>'sessions', :action => 'destroy'), should allow a user to logout.
Even if
I could, it's not supported by most web servers so there has to be a
workaround.

Does anyone know of any documentation on this plugin?

John
821395fe70906c8290df7f18ac4ac6cf?d=identicon&s=25 Rick Olson (Guest)
on 2007-05-24 22:01
(Received via mailing list)
On 5/24/07, John Lauck <recaffeinated@gmail.com> wrote:
> That's how I understand the plugin as well.  But shouldn't certain methods
> fall back to general POST/GET request methods as well?
>
> I must be missing something, because I can't specify the request method in
> an url.  Can I?  So, for instance to logout, link_to('Logout', :controller
> =>'sessions', :action => 'destroy'), should allow a user to logout.  Even if
> I could, it's not supported by most web servers so there has to be a
> workaround.

You can just create a route for it if you want.

map.connect 'logout', :controller => 'sessions', :action => 'destroy'

--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
21f7ed21f11a809050594c82eab11d67?d=identicon&s=25 Robert Walker (Guest)
on 2007-05-25 01:39
(Received via mailing list)
John,

I took a closer look at this and found that what you need is already
built into resful authentication.

Take a look at this link:
<%= link_to "Logout", session_path(session), :method => :delete %>

And the route.rb:
  # Restful Authenticate routes
  map.resources :users, :sessions

So you get the session_path(session) for free!
This topic is locked and can not be replied to.