Rails - Aug 2006 - Rails Recipes question - authenticating users

Didn''t think I''d be back so quick with another question but
here goes:

In this recipe for the signin or login (as I call it) there are these
two lines if the user authenticates correctly:

session[:user] = user.id
redirect_to :action => session[:intended_action],
:controller => session[:intended_controller]

So I''m not seeing anything in the way of an explanation but reading
the code it looks like there should be a session controller with a
session action . Is that correct ?

Right now I have a sessions table set up, I''ve made the changes in
environment.rb to do sessions via an ActiveRecord store.  So the table
was created via the rake::db::sessions command.

I still don''t see how the user logged in reflect in the sessions table.
In the sessions table there is:
id - just an auto-inc column
session_id
data
and updated column
Both session_id and data are hashed columns so I''m not sure what is
inside ?
I guess I''ve asked a few questions here .

TIA
Stuart

On Mon, 2006-08-07 at 11:03 -0600, Dark Ambient wrote:
> Didn''t think I''d be back so quick with another question
but here goes:
> 
> In this recipe for the signin or login (as I call it) there are these
> two lines if the user authenticates correctly:
> 
> session[:user] = user.id
> redirect_to :action => session[:intended_action],
> :controller => session[:intended_controller]
> 
> So I''m not seeing anything in the way of an explanation but
reading
> the code it looks like there should be a session controller with a
> session action . Is that correct ?
> 
> Right now I have a sessions table set up, I''ve made the changes in
> environment.rb to do sessions via an ActiveRecord store.  So the table
> was created via the rake::db::sessions command.
> 
> I still don''t see how the user logged in reflect in the sessions
table.
> In the sessions table there is:
> id - just an auto-inc column
> session_id
> data
> and updated column
> Both session_id and data are hashed columns so I''m not sure what
is inside ?
> I guess I''ve asked a few questions here .
----
why not just add <%= session debug %> into one of your views to see what
is stored in the hash?

Craig

Rails handles session management for you, you don''t need to create your
own
table. You get the session object for free.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060807/947b0bbd/attachment.html

I didn''t create my own table, I used rake:create:session:db.
Is that all I need ?

Stuart

On 8/7/06, Jim Lindley <jimlindley@gmail.com>
wrote:
> Rails handles session management for you, you don''t need to create
your own
> table. You get the session object for free.
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>

On 8/7/06, Jim Lindley <jimlindley@gmail.com>
wrote:
> Rails handles session management for you, you don''t need to create
your own
> table. You get the session object for free.
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
 session[:intended_controller] and such represent the session hash.
This data is held with the session object. It will not have a database
field for each element of the hash.  You will have to set these values
somewhere in your code.

On 8/7/06, Jim Lindley <jimlindley@gmail.com>
wrote:
>
> Rails handles session management for you, you don''t need to create
your
> own table. You get the session object for free.
>
Additional info - Rails gives you these objects:

session
cookie
params
request
flash
logger

and a few others that I am sure I''m forgetting.

You don''t have to set those up, although you can configure them in
different
ways. So, don''t create a session controller. What you ran with rake was
to
convert the sessions from being saved on the filesystem to being saved in
the DB. You don''t need to access that table directly. Just work with
the
object.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060807/c2fddd7f/attachment.html

Sorry, I''ll re-read awdwr on sessions but what do you mean set those
values somewhere in my code ?

Stuart

On 8/7/06, Charlie Bowman <charlesmbowman@gmail.com>
wrote:
> On 8/7/06, Jim Lindley <jimlindley@gmail.com> wrote:
> > Rails handles session management for you, you don''t need to
create your own
> > table. You get the session object for free.
> >
> > _______________________________________________
> > Rails mailing list
> > Rails@lists.rubyonrails.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> >
>  session[:intended_controller] and such represent the session hash.
> This data is held with the session object. It will not have a database
> field for each element of the hash.  You will have to set these values
> somewhere in your code.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

K...that helps...thank you !

Stuart

On 8/7/06, Jim Lindley <jimlindley@gmail.com>
wrote:
>
>
>
> On 8/7/06, Jim Lindley <jimlindley@gmail.com> wrote:
> >
> > Rails handles session management for you, you don''t need to
create your
> own table. You get the session object for free.
> >
>
> Additional info - Rails gives you these objects:
>
> session
> cookie
> params
> request
> flash
> logger
>
> and a few others that I am sure I''m forgetting.
>
> You don''t have to set those up, although you can configure them in
different
> ways. So, don''t create a session controller. What you ran with
rake was to
> convert the sessions from being saved on the filesystem to being saved in
> the DB. You don''t need to access that table directly. Just work
with the
> object.
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>

Nah,

What the example is doing is trying to take the user to the page they 
were attempting to get to before they where forced to logon.

1. User attempts to go to edit widget page - http://host/widgets/edit/1

2. Edit widget page is secured by some authentication code, so it 
redirects you to the login page (but storing in the session the page you 
actualy wanted to go to)

3. User logs on, and after logging on redirects the user back to the 
page they had requested back at the start.

''session'' is a variable, a hash to be more precise.

Get me the value from the hash for the key called
''intended_action''

session[:intended_action] ->  ''edit''

session[:intended_controller] -> ''widgets''

Where as session[:user] = user.id mean put an object in the session with 
a key of ''user''

Hope this helps,

Martin

-- 
Posted via http://www.ruby-forum.com/.