Forum: Radiant CMS Extensions and sessions

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
81d060797f61976a0703b995825963fd?d=identicon&s=25 Edwin V. (edwin-v)
on 2007-07-22 14:17
(Received via mailing list)
I'm creating a Radiant extensions to secure some pages in a website,
preventing it from opening without a valid login. To achieve this, I
added a before filter to the site controller and created a special
LoginPage type. If a user is not logged in and tries to enter a
secured page, it will be redirected to a page of type LoginPage and
prompted for an e-mailaddress and password. So far, so good.

The next step is to store the login information in the session, but
it seems that sessions won't work. This is my code:

class LoginPage < Page

   description %{
     A login screen for secure pages
   }

   attr_reader :login_error

   @login_error = false

   def process(request, response)
     debugger
     if request.post?
       # If the login is successfull, set the session and redirect to
the return_url or homepage
       if response.session[:website_user_id] =
WebsiteUser.authenticate(request.parameters[:login][:email],
request.parameters[:login][:password])
         response.redirect request.session[:return_url] || '/'
       else
         @login_error = true
         super(request, response)
       end
     else
       super(request, response)
     end
   end

   def cache?
     false
   end

   # ... Some special login tags ...

end

As you can see, it should store the website_user_id inside the
response.session. Unfortunately this doesn't work.

I enabled session support for the SiteController and tried storing
other information in the session from several places in the code.
Even from a normal action inside the SiteController, sessions won't
get stored. The weird thing is, that sessions do work once I try to
login at the backend, but the session information from the backend is
again not available in the frontend.

I looked through all the Radiant code, disabled some parts (like the
LoginSystem), but can't find any cause of the weird session
behaviour. What am I doing wrong?

The full code of my extension can be found at Google Code: http://
code.google.com/p/secure-pages/

Regards,

Edwin Vlieg
78b41a243b4657853813db803786deee?d=identicon&s=25 David Piehler (lackoflove)
on 2007-07-30 23:47
Edwin V. wrote:
> The next step is to store the login information in the session, but
> it seems that sessions won't work.
>
> The full code of my extension can be found at Google Code: http://
> code.google.com/p/secure-pages/

I'm running from the 0.6.2 gem and doing something similar (see
http://www.ruby-forum.com/topic/115871) but as of right now I'm just
using a simple module with some tags, hoping to switch to using a
dedicated page type like you are doing.

Thanks to your secure_pages_extension.rb file, this is now working for
me:

def activate
  Page.class_eval { include MemberLogin }
  SiteController.class_eval { session :disabled => false }
end

Previously I was doing the following, which would not work:

SiteController.class_eval { session :on }


Are your issues because of your environment config? My file has the
following set:

config.cache_classes = true
config.action_controller.consider_all_requests_local = true
config.action_controller.perform_caching = false
ResponseCache.defaults[:perform_caching] = false

Maybe your non-logged-in pages are cached, so you aren't seeing the
logged-in versions? This is probably incorrect, as you seem to be having
trouble saving/reading sessions in general, but its worth mentioning I
guess.
This topic is locked and can not be replied to.