Forum: Ruby on Rails Remember Me login capability

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C4bfcc81ac9281cb905f38e97e4d4e0b?d=identicon&s=25 Shandy Nantz (snantz)
on 2008-12-12 20:46
I have a two part question.

First just wondering if anyone out there has any good Remember Me login
coding example or tutorials? I found one that is a couple years old and
it seems like if should work for a rails 2.0 application but I won't
know until I try.

Second, the code example that I did find and am intergrating has a
couple lines that are just confusing. In this example the user logins
and if the remember me check box is checked this bit of code is
executed:

# Controller code for login
@session[:user].remember_me
cookies[:auth_token] = { :value => @session[:user].remember_token ,
:expires =>
  @session[:user].remember_token_expires }

Then, theoretically you close down the browser and the next time you
open it and navigate to my website you should be automatically logged
in.

The issue that I have - and I think this is because I am not
understanding the ruby code - is, in the remember_me method of the User
model I have this bit of code:

self.remember_token = Digest::SHA1.hexdigest("#{salt}--#{self.email}--#
  {self.remember_token_expires}")

and this bit of code in the ApplicationController

user = User.find_by_remember_token(cookies[:auth_token])

When I save the value for the remember_token I don't see how I am going
to be able to find that value in the database with the
find_by_remember_token because of the odd syntax used in the hexdigest
method.

If the cookie has has a :value => '...' and a :expires => '...', how is
the find_by_remember_token going to work when the remember_token is
encrypted by saying
"#{salt}--#{self.email}--#{self.remember_token_expires}"? It just
doesn't seem to me that the encrypted info and the cookie would be the
same in the end and that I would therefore not be able to find anything
by the User.find_by_remember_token.

Not sure if this makes sense, I just didn't want to get to far into this
project without fully understanding what is going on. Thanks,

-S
32edf22df6932b252d7be5a1b9b766c9?d=identicon&s=25 Shockmeister (Guest)
on 2008-12-12 23:00
(Received via mailing list)
Theres a good example of the code you're looking for on the Railsspace
site. The URL is : http://www.railsspace.com/book/chapter7

On Dec 12, 7:46 pm, Shandy Nantz <rails-mailing-l...@andreas-s.net>
280b78a61a968391b7e07e912be102a8?d=identicon&s=25 Robert Walker (robert4723)
on 2008-12-12 23:41
Shockmeister wrote:
> Theres a good example of the code you're looking for on the Railsspace
> site. The URL is : http://www.railsspace.com/book/chapter7
>
> On Dec 12, 7:46�pm, Shandy Nantz <rails-mailing-l...@andreas-s.net>
I'm pretty sure that
"restful_authentication":http://github.com/technoweenie/restful-authentication/tree
has that feature as well. You might look to see how it implements it.
This topic is locked and can not be replied to.