SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Thread: Ruby on Rails: Checking for a session

  1. Apr 7, 2009 08:09 #1
    TFDM
    TFDM is offline
    SitePoint Enthusiast
    Join Date
    Jan 2008
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Ruby on Rails: Checking for a session

    Hi everyone.

    I'm in the process of learning RoR and I'm trying to create a basic log in system. I have managed to create the form and have queried the database. It also creates the session.

    Now what I want to do is to check for the session. I want to put this in my login controller. If the session is already set I just want to return the user to their account page. If not I want it to show / deal with the form as normal.

    Any ideas? I've tried a few if statements but can't seem to get it right.
  2. Apr 7, 2009 08:26 #2
    TFDM
    TFDM is offline
    SitePoint Enthusiast
    Join Date
    Jan 2008
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I might have worked it out... Maybe someone can run the rule over this and see if I this is okay?

    Code:
    class AccountController < ApplicationController

  def index
  		render :text => "Account Controller - Not started yet"
  end

  def login
  		if session[:user_id] != nil
			redirect_to :controller => 'account'
		end
    
		if request.post?		
			@user = User.find_by_name_and_password(
                        params[:name], params[:password])			
			unless @user.nil?
				session[:user_id] = @user.id
				redirect_to :controller => 'account'
			end
		end
  end

  def logout
  		session[:user_id] = @user = nil
  end
end
  3. Apr 7, 2009 14:37 #3
    ReggieB
    ReggieB is offline
    SitePoint Evangelist
    Join Date
    Feb 2006
    Location
    Worcs. UK
    Posts
    404
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If this is for a live system, especially one open to the internet, I'd recommend that you consider using one of the many plug-ins available to do this. No point re-inventing the wheel, especially as you may leave a vulerability by over-looking an essential step.

    If this is part of the learning process and not going on a live site, then the process of building your own authentication would be a worthwhile exercise.

    Either way a good place to start is the How-to on the rubyonrails.org wiki:

    http://wiki.rubyonrails.org/howtos/a...-authorization

    A key point to notice is that rather than redirecting users away from the log-in page (what if someone wants to change the log-on, for example if two people share the same computer), you need to have a simple way to redirect them to the page if they are not authorised to access it. You can do that with a before_filter.
  4. Apr 7, 2009 16:02 #4
    TFDM
    TFDM is offline
    SitePoint Enthusiast
    Join Date
    Jan 2008
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Its just a learning process really. Not sure where my test site will take me. I'm just trying to get to a level where I feel comfortable with it.

    Thanks for the link. Filters were on my to do list for tomorrow afternoon when I sit down again for another couple of hours.
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules