Its best to have a look at the code for Login Engine or
Acts_as_authenticated for an idea of how to do it.
Generally you either store the whole User object in the session or just
the user_id and do a find every time to get the user object.
Storing the User in the model will not include the assosiations
(has_many etc).
Something like: (pseudo code)
*Login Controller*
def login
@session[:user] = User.authenticate(username, password)
if @session[:user]
# success
else
# failed
end
end
*User Model*
def self.autherticate(username, password)
@user = User.find(username)
if not @user
return nil
end
# other checks inc. password
# return nil as failure
end
Hope that helps, Kris.
Nicholas Wieland wrote:> Hi *,
> I''m looking at typo authentication, and was asking myself if
it''s
> correct to put in a session variable a user object which has_many
> posts ...
> Just because I''m rolling my own authentication system and want to
> know what''s the best way to handle this issue (other than using a
> generator or a plugin, which I''d prefer not to use).
>
> --
> Nicholas Wieland
> nicholas_wieland@yahoo.it
>
>
>
>
>
>
>
>
> ___________________________________
> Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
> http://mail.yahoo.it
--
Posted via http://www.ruby-forum.com/.