Newbie question on usersession

madmax · February 21, 2007, 11:46pm

all:
prob a stupid question… new to ruby/rails.

I have a working ruby on rails app on my server. However, i don’t
provide authentication service. (login etc)… In my workplace, there
is a centrally authenticated URL- if ppl go there first, they can get
authenticated. i thought i will put my html start page in this
centrally authenticated place(with a form and hidden param and
redirect to my ruby on rails server).

I however, want to prevent ppl directly using http://myServer/app/main

So,
in my main method, i do this
def controller_main
@user = @params[‘user’]
if (@user == nil)
redirect_to “http://goway.com” # basically send them to some no
accesspl
end
end

This looked good… but the problem is: i have other methods like list
def list

This lists all my data

#here my check for @user always returns nil. Why?
end

Only main method gets access to the html hidden param ‘user’. i dont
know why storing it in @user does not work (i thought its instance
variable).

madmax · February 21, 2007, 11:59pm

madmax wrote:

all:
prob a stupid question… new to ruby/rails.

I however, want to prevent ppl directly using http://myServer/app/main

So,
in my main method, i do this
def controller_main
@user = @params[‘user’]
if (@user == nil)
redirect_to “http://goway.com” # basically send them to some no
accesspl
end
end

This looked good… but the problem is: i have other methods like list
def list

This lists all my data

#here my check for @user always returns nil. Why?
end

You need a before_filter in you application.rb to ensure that this @user
object gets created on every request. Instance variables in the
controller only exist for the length of one request, and then die.

#application.rb
class ApplicationController < ActionController::Base
before_filter :authenticate
def authenticate
@user = @params[‘user’]
redirect_to login_url unless @user
end
end

madmax · February 22, 2007, 3:07am

Thanks for your reply. It still does not work for me.
It only works on access to my main page (since the html redirect is
passing a hidden param).
in the login server, my html page content is like this

---------------------

once my main page is loaded - http://myServer/app/main , in that
main.rhtml, i have link defined like below.
<%= link_to “(Show all Books)”,
:controller => “app”,
:action => “list” %>

now, clicking on link, redirects me to login page (even though i did
come from that)…
so the authenticate method stores the @user = @params[‘user’]… but it
also seems to lose it

madmax · February 25, 2007, 5:55pm

the way i solved is using session[:user] = @params[‘user’]

and in other methods i just use the value of session[:user]

Newbie question on usersession

This lists all my data

This lists all my data

Thanks for your reply. It still does not work for me. It only works on access to my main page (since the html redirect is passing a hidden param). in the login server, my html page content is like this

Thanks for your reply. It still does not work for me.
It only works on access to my main page (since the html redirect is
passing a hidden param).
in the login server, my html page content is like this