Forum: Ruby on Rails memcached and Joe Hosteny's Salted Hash Login Generator

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
8365d053af5bcd5a2064a5e4d529f151?d=identicon&s=25 James Cox (Guest)
on 2006-03-07 10:54
(Received via mailing list)
Hey,

so - I've been fiddling about and fell in to use Joe's simple-yet-
painful SHLG (I shouldn't complain... not at least I have time to
produce one :)). I just recently plugged in memcache, and- it's not
preserving my login.

I traced the execution and it sets the output of User.authenticate (a
user AR object) into @session['user'] correctly - so login works.  My
next breakpoint is in user_system.rb where it is checking
authentication - via a before_filter. At this point, @session['user']
is empty - and @session.session_id has changed.

Any idea why my session_ids are not being preserved?

more info available on request...

  -- james
--

James Cox,
e: james@imajes.info w: http://www.imajes.info/
8e44c65ac5b896da534ef2440121c953?d=identicon&s=25 Ezra Zygmuntowicz (Guest)
on 2006-03-07 16:48
(Received via mailing list)
On Mar 7, 2006, at 1:51 AM, James Cox wrote:

> checking authentication - via a before_filter. At this point,
> e: james@imajes.info w: http://www.imajes.info/
James-

	I just dealt with the exact same problem with the salted hash login.
You could log in fine with the user/login method but when it
redirected you to a protected page it would fail. So I put
logger.debug session.inspect ion the user/login method and in the
user_system/login_required method that gets used in the before
filter. The first session right after login printed to the log fine.
But by the time it made it into the other logger message the session
was empty.

	Its not clear whether or not you are using mem-cached for session
storage or for cached-model? But this following line is what was
messing my app up:

   ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
( :session_domain => '.localhost.com')

	You need to put that in your environment.rb. And make sure it is set
to the correct domain that you are testing your app on. It might be
different for memcached sessions but the same thing applies. Afetr
fixing this the problem went away.

Cheers-
Ezra
8365d053af5bcd5a2064a5e4d529f151?d=identicon&s=25 James Cox (Guest)
on 2006-03-09 00:31
Ezra Zygmuntowicz wrote:
> On Mar 7, 2006, at 1:51 AM, James Cox wrote:
>
>> checking authentication - via a before_filter. At this point,
>> e: james@imajes.info w: http://www.imajes.info/
> James-
>
> 	I just dealt with the exact same problem with the salted hash login.
> You could log in fine with the user/login method but when it
> redirected you to a protected page it would fail. So I put
> logger.debug session.inspect ion the user/login method and in the
> user_system/login_required method that gets used in the before
> filter. The first session right after login printed to the log fine.
> But by the time it made it into the other logger message the session
> was empty.
>
> 	Its not clear whether or not you are using mem-cached for session
> storage or for cached-model? But this following line is what was
> messing my app up:
>
>    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
> ( :session_domain => '.localhost.com')
>
> 	You need to put that in your environment.rb. And make sure it is set
> to the correct domain that you are testing your app on. It might be
> different for memcached sessions but the same thing applies. Afetr
> fixing this the problem went away.
>
> Cheers-
> Ezra


Ezra -

thanks. of course. it requires a valid domain for the session it can
match.... duh!
This topic is locked and can not be replied to.