  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2008
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Ruby on Rails: Checking for a session

    Hi everyone.

    I'm in the process of learning RoR and I'm trying to create a basic log in system. I have managed to create the form and have queried the database. It also creates the session.

    Now what I want to do is to check for the session. I want to put this in my login controller. If the session is already set I just want to return the user to their account page. If not I want it to show / deal with the form as normal.

    Any ideas? I've tried a few if statements but can't seem to get it right.

  2. #2
    SitePoint Enthusiast
    Join Date
    Jan 2008
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I might have worked it out... Maybe someone can run the rule over this and see if this is okay?

    Code:
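    class AccountController < ApplicationController

      def index
        render :text => "Account Controller - Not started yet"
      end

      def login
        # Already logged in: go to the account page and stop here, otherwise
        # a POST would reach the second redirect_to and raise DoubleRenderError.
        if session[:user_id] != nil
          redirect_to :controller => 'account'
          return
        end

        if request.post?
          # Note: this lookup compares the submitted password with a plaintext column.
          @user = User.find_by_name_and_password(
                    params[:name], params[:password])
          unless @user.nil?
            session[:user_id] = @user.id
            redirect_to :controller => 'account'
          end
        end
      end

      def logout
        # Clear the login marker; Rails then renders the logout template.
        session[:user_id] = @user = nil
      end
    end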

  3. #3
    SitePoint Evangelist
    Join Date
    Feb 2006
    Location
    Worcs. UK
    Posts
    404
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If this is for a live system, especially one open to the internet, I'd recommend that you consider using one of the many plug-ins available to do this. No point re-inventing the wheel, especially as you may leave a vulnerability by over-looking an essential step.

    If this is part of the learning process and not going on a live site, then the process of building your own authentication would be a worthwhile exercise.

    Either way a good place to start is the How-to on the rubyonrails.org wiki:

    http://wiki.rubyonrails.org/howtos/a...-authorization

    A key point to notice is that rather than redirecting users away from the log-in page (what if someone wants to change the log-on, for example if two people share the same computer), you need to have a simple way to redirect them to the page if they are not authorised to access it. You can do that with a before_filter.
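
The before_filter approach described in the post above, as an added example that is not part of the original thread. It runs in plain Ruby: `MiniController` is a constructed stand-in for the filter, redirect and render behaviour Rails supplies, and `login_required` is a hypothetical filter name.

```ruby
# Stand-in for the part of ActionController used here (constructed; Rails provides it).
class MiniController
  class << self
    attr_reader :filter_name, :filter_except
    def before_filter(name, options = {})
      @filter_name = name
      @filter_except = Array(options[:except]).map(&:to_s)
    end
  end

  attr_reader :session, :redirected_to, :body

  def initialize(session = {})
    @session = session
  end

  def redirect_to(target)
    @redirected_to = target
  end
  def render(options)
    @body = options[:text]
  end

  # Run the filter, then the action. A filter that redirects halts the chain.
  def process(action)
    filtered = !self.class.filter_except.include?(action.to_s)
    send(self.class.filter_name) if filtered
    send(action) unless redirected_to
    self
  end
end

class AccountController < MiniController
  before_filter :login_required, :except => [:login]

  def index
    render :text => "Account page for user #{session[:user_id]}"
  end

  def login
    render :text => "Login form"
  end

  private
  # Hypothetical filter name: send anonymous visitors to the login form.
  def login_required
    redirect_to(:controller => 'account', :action => 'login') unless session[:user_id]
  end
end
```

Because the check lives in the filter, every action added to the controller later is protected by default, and the login form itself stays reachable for someone who is already logged in.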

  4. #4
    SitePoint Enthusiast
    Join Date
    Jan 2008
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's just a learning process really. Not sure where my test site will take me. I'm just trying to get to a level where I feel comfortable with it.

    Thanks for the link. Filters were on my to do list for tomorrow afternoon when I sit down again for another couple of hours.

