Forum: Ruby on Rails authentication and session variables

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
7cdce9e94d317c4f0a3dcc20cc3b4115?d=identicon&s=25 Nicholas Wieland (Guest)
on 2006-02-14 02:26
(Received via mailing list)
Hi *,
I'm looking at typo authentication, and was asking myself if it's
correct to put in a session variable a user object which has_many
posts ...
Just because I'm rolling my own authentication system and want to
know what's the best way to handle this issue (other than using a
generator or a plugin, which I'd prefer not to use).

--
Nicholas Wieland
nicholas_wieland@yahoo.it








___________________________________
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
http://mail.yahoo.it
3d333b0012928f3dd5a6861cb09ad683?d=identicon&s=25 Kris Leech (Guest)
on 2006-02-14 11:28
Its best to have a look at the code for Login Engine or
Acts_as_authenticated for an idea of how to do it.

Generally you either store the whole User object in the session or just
the user_id and do a find every time to get the user object.

Storing the User in the model will not include the assosiations
(has_many etc).

Something like: (pseudo code)

*Login Controller*
def login
  @session[:user] = User.authenticate(username, password)
  if @session[:user]
  # success
  else
  # failed
  end
end

*User Model*
def self.autherticate(username, password)
  @user = User.find(username)
  if not @user
    return nil
  end
  # other checks inc. password
  # return nil as failure
end


Hope that helps, Kris.


Nicholas Wieland wrote:
> Hi *,
> I'm looking at typo authentication, and was asking myself if it's
> correct to put in a session variable a user object which has_many
> posts ...
> Just because I'm rolling my own authentication system and want to
> know what's the best way to handle this issue (other than using a
> generator or a plugin, which I'd prefer not to use).
>
> --
> Nicholas Wieland
> nicholas_wieland@yahoo.it
>
>
>
>
>
>
>
>
> ___________________________________
> Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
> http://mail.yahoo.it
This topic is locked and can not be replied to.