I''ve got several several Rails 2.1 apps using a variant of restful_authentication to manage logins/sessions (actually the guts from Beast but it''s basically restful_authentication). The apps store sessions in cookies per 2.1 default. The apps set two cookies -- the session cookie and a "login_token" cookie that gets set thus: cookies[:login_token] = {:value => "#{current_user.id};# {current_user.reset_login_key!}", :expires => 1.year.from_now.utc} if params[:remember_me] == "1" The problem is that logged-in users who then close their browsers have to re-login when they re-launch their browsers even when the browsers are set to keep cookies until they expire -- which shouldn''t happen because the login_token cookie expires one year in the future. When their browsers are left open, the users remain logged in and the sites function perfectly normally. Checking these cookies in the browser confirms that the appear to be set/sent correctly. What could cause this behavior? I''ve thought of: - session storage location -- but moving sessions back to active_record doesn''t fix this - login_token cookie lacks a :domain setting -- but setting this resulted in the login_token no longer showing up in the browser and didn''t affect the problem - mongrel_cluster -- the sites where this problem happens are running mongrel_clusters with several mongrels each -- while I have one site where the login persists as expected and has only a single mongrel in front of it -- but otherwise uses the same login/session code Could this really be a mongrel_cluster issue? What else could be going on? This seems really weird, but also probably something really simple and I''m just blind. Thanks in advance for any pointers! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Perhaps look at how the new restful_authentication http://github.com/technoweenie/restful_authentication does it and see if you can understand that. ----- Ryan Bigg Freelancer http://frozenplague.net On 25/11/2008, at 11:38 AM, Stan Kaufman wrote:> > I''ve got several several Rails 2.1 apps using a variant of > restful_authentication to manage logins/sessions (actually the guts > from Beast but it''s basically restful_authentication). The apps store > sessions in cookies per 2.1 default. The apps set two cookies -- the > session cookie and a "login_token" cookie that gets set thus: > > cookies[:login_token] = {:value => "#{current_user.id};# > {current_user.reset_login_key!}", :expires => 1.year.from_now.utc} if > params[:remember_me] == "1" > > The problem is that logged-in users who then close their browsers have > to re-login when they re-launch their browsers even when the browsers > are set to keep cookies until they expire -- which shouldn''t happen > because the login_token cookie expires one year in the future. When > their browsers are left open, the users remain logged in and the sites > function perfectly normally. Checking these cookies in the browser > confirms that the appear to be set/sent correctly. > > What could cause this behavior? I''ve thought of: > > - session storage location -- but moving sessions back to > active_record doesn''t fix this > - login_token cookie lacks a :domain setting -- but setting this > resulted in the login_token no longer showing up in the browser and > didn''t affect the problem > - mongrel_cluster -- the sites where this problem happens are running > mongrel_clusters with several mongrels each -- while I have one site > where the login persists as expected and has only a single mongrel in > front of it -- but otherwise uses the same login/session code > > Could this really be a mongrel_cluster issue? What else could be going > on? This seems really weird, but also probably something really simple > and I''m just blind. > > Thanks in advance for any pointers! > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
The one thing that jumps out at me is you are setting the time to utc in the cookie. I am pretty sure rails does this for you automatically, but am not 100% certain. I know for my cookies I do not have to do this and it works fine: cookies[:name] = {:value => "value", :expires => 1.year.from_now} Lastly, you might want to check out Authlogic as it is a simple way to get authentication into your app: http://github.com/binarylogic/authlogic/tree/master -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks for the suggestions! Clearly restful_authentication and authlogic have moved the ball far downfield from where Beast was playing back in the day. It''s looking as if this might be more of a browser issue, though. My sites (and http://beast.caboo.se/ for that matter) DO retain logins between browser restarts sometimes. So it''s hard to imagine that this is a server-side matter... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---