Rails - Mar 2006 - memcached and Joe Hosteny''s Salted Hash Login Generator

Hey,

so - I''ve been fiddling about and fell in to use Joe''s
simple-yet-
painful SHLG (I shouldn''t complain... not at least I have time to  
produce one :)). I just recently plugged in memcache, and- it''s not  
preserving my login.

I traced the execution and it sets the output of User.authenticate (a  
user AR object) into @session[''user''] correctly - so login
works.  My
next breakpoint is in user_system.rb where it is checking  
authentication - via a before_filter. At this point,
@session[''user'']
is empty - and @session.session_id has changed.

Any idea why my session_ids are not being preserved?

more info available on request...

  -- james
--

James Cox,
e: james@imajes.info w: http://www.imajes.info/

On Mar 7, 2006, at 1:51 AM, James Cox wrote:
> Hey,
>
> so - I''ve been fiddling about and fell in to use Joe''s
simple-yet-
> painful SHLG (I shouldn''t complain... not at least I have time to
> produce one :)). I just recently plugged in memcache, and- it''s
not
> preserving my login.
>
> I traced the execution and it sets the output of User.authenticate  
> (a user AR object) into @session[''user''] correctly - so
login
> works.  My next breakpoint is in user_system.rb where it is  
> checking authentication - via a before_filter. At this point,  
> @session[''user''] is empty - and @session.session_id has
changed.
>
> Any idea why my session_ids are not being preserved?
>
> more info available on request...
>
>  -- james
> --
>
> James Cox,
> e: james@imajes.info w: http://www.imajes.info/

James-

	I just dealt with the exact same problem with the salted hash login.  
You could log in fine with the user/login method but when it  
redirected you to a protected page it would fail. So I put  
logger.debug session.inspect ion the user/login method and in the  
user_system/login_required method that gets used in the before  
filter. The first session right after login printed to the log fine.  
But by the time it made it into the other logger message the session  
was empty.

	Its not clear whether or not you are using mem-cached for session  
storage or for cached-model? But this following line is what was  
messing my app up:

   ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update 
( :session_domain => ''.localhost.com'')

	You need to put that in your environment.rb. And make sure it is set  
to the correct domain that you are testing your app on. It might be  
different for memcached sessions but the same thing applies. Afetr  
fixing this the problem went away.

Cheers-
Ezra

Ezra Zygmuntowicz wrote:
> On Mar 7, 2006, at 1:51 AM, James Cox wrote:
> 
>> checking authentication - via a before_filter. At this point,  
>> e: james@imajes.info w: http://www.imajes.info/
> James-
> 
> 	I just dealt with the exact same problem with the salted hash login.
> You could log in fine with the user/login method but when it
> redirected you to a protected page it would fail. So I put
> logger.debug session.inspect ion the user/login method and in the
> user_system/login_required method that gets used in the before
> filter. The first session right after login printed to the log fine.
> But by the time it made it into the other logger message the session
> was empty.
> 
> 	Its not clear whether or not you are using mem-cached for session
> storage or for cached-model? But this following line is what was
> messing my app up:
> 
>    ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.update
> ( :session_domain => ''.localhost.com'')
> 
> 	You need to put that in your environment.rb. And make sure it is set
> to the correct domain that you are testing your app on. It might be
> different for memcached sessions but the same thing applies. Afetr
> fixing this the problem went away.
> 
> Cheers-
> Ezra

Ezra -

thanks. of course. it requires a valid domain for the session it can 
match.... duh!

-- 
Posted via http://www.ruby-forum.com/.