Hi, I initially set up acts_as_authenticated to require a user login before accessing and updating pages on my recipe site. This worked fine with no problems with the user session. Now, I have changed the setup so that a few pages are available to the public, while others that involve create/update/delete actions require a user that is logged in. So I created a login form as a partial to include on every single page. The sign in form displays if not logged in; if the user is logged in it will display a welcome message to the user. Now I''m encountering problems where my session[:user] variable gets reset to nil whenever I do a post request. I still have the session, but I just lose the variable, and find myself having to explicitly send the user ID as hidden input and re-assign the session[:user] variable. Has anyone encountered this problem, or have any idea why this would be happening? Thanks in advance. -- View this message in context: http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13206124 Sent from the RubyOnRails Users mailing list archive at Nabble.com. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Graff
2007-Oct-15 22:48 UTC
Re: Losing session variable with acts_as_authenticated
I am using exactly this trick on my http://eq2guild.flame.org/ site, and have experienced no problems with it. Can you compare the html code on that opening page with what you have in yours? I can send you my controller snipit if it will help. --Michael --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
miss_michelle
2007-Oct-16 17:50 UTC
Re: Losing session variable with acts_as_authenticated
Hi Michael, Thanks for your reply. Our login forms are pretty much the same except that your form calls on the /account/login action, whereas mine calls on /recipe (I had put my login action in my application controller so that it would be accessible to all my controllers). This is how I generated it in my view: <% form_for :login, login do %> It works on my /recipe page, but I just recently noticed that I can''t log in from my other pages. Aside from that issue, it would be great if I could take a look at your controller code. To me, it doesn''t really seem like any of my update/edit actions for recipes explicitly change any session variables (except when I have to re-assign my session[:user] variable to keep the user logged in). Michelle Michael Graff-5 wrote:> > > I am using exactly this trick on my http://eq2guild.flame.org/ site, > and have experienced no problems with it. > > Can you compare the html code on that opening page with what you have > in yours? I can send you my controller snipit if it will help. > > --Michael > > > > >-- View this message in context: http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13238698 Sent from the RubyOnRails Users mailing list archive at Nabble.com. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Graff
2007-Oct-16 18:00 UTC
Re: Losing session variable with acts_as_authenticated
Wait, you have your login method in all your controllers? May I ask why? :) It seems that having one definite action to log one in is a very good thing. That is, /login or /account/login or /log_me_in should be the only controller/action with a login method. After all, you don''t log into a recipe, do you? :) If you require a user to log in before they do certain operations, that''s also easily done: class ToonController < ApplicationController before_filter :login_required, :except => [ :list, :show, :show_avatar, :classes, :tradeskills ] Or, in each method: def new if !logged_in? flash[:notice] = ''You cannot create characters without logging in.'' redirect_to :action => "list" else @toon = Toon.new end end My account controller: class AccountController < ApplicationController def login return unless request.post? self.current_user = User.authenticate(params[:login], params[:password]) if logged_in? redirect_back_or_default(:controller => ''welcome'', :action => ''index'') flash[:notice] = "Logged in successfully" end end def logout cookies.delete :auth_token reset_session flash[:notice] = "You have been logged out." redirect_back_or_default(:controller => ''welcome'', :action => ''index'') end As I mentioned, I''m using a modified acts_as_authenticated plugin. --Michael --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
miss_michelle
2007-Oct-16 20:37 UTC
Re: Losing session variable with acts_as_authenticated
Sorry, what I mean is that I had put my login method inside my application controller so it''s accessible to the rest of my controllers. If I leave my login method in the account controller, my other controllers throw an exception with the error "undefined method login". My login and logout methods otherwise look similar to yours (they''re unmodified from acts_as_authenticated). This is how I''m rendering the login box in the main layout: <%= render :partial => ''account/login'', :locals => { :current_user => @current_user } %> _login.rhtml (I just changed it so that login is now back in the account controller): <% if flash[:notice] %> <%= flash[:notice] %> <% end %> <% if logged_in? %> <%= ''Welcome, '' + current_user.first_name + "! » " %> <%= link_to ''Logout'', :controller => ''account'', :action => ''logout'' %> <% else %> <% form_tag "/account/login" method="post" %> <p><label for="login">Login</label><br/> <%= text_field_tag ''login'', login %></p> <p><label for="password">Password</label><br/> <%= password_field_tag ''password'' %></p> <p><label for="remember_me">Remember me:</label> <%= check_box_tag ''remember_me'' %></p> <p><%= submit_tag ''Log in'' %></p> <% end %> <% end %> Michael Graff-5 wrote:> > > Wait, you have your login method in all your controllers? May I ask why? > :) > > It seems that having one definite action to log one in is a very good > thing. That is, /login or /account/login or /log_me_in should be the > only controller/action with a login method. After all, you don''t log > into a recipe, do you? :) > > If you require a user to log in before they do certain operations, > that''s also easily done: > > class ToonController < ApplicationController > before_filter :login_required, :except => [ :list, > :show, > :show_avatar, > :classes, > :tradeskills ] > > Or, in each method: > > def new > if !logged_in? > flash[:notice] = ''You cannot create characters without logging in.'' > redirect_to :action => "list" > else > @toon = Toon.new > end > end > > > My account controller: > > class AccountController < ApplicationController > def login > return unless request.post? > self.current_user = User.authenticate(params[:login], > params[:password]) > if logged_in? > redirect_back_or_default(:controller => ''welcome'', :action => > ''index'') > flash[:notice] = "Logged in successfully" > end > end > > def logout > cookies.delete :auth_token > reset_session > flash[:notice] = "You have been logged out." > redirect_back_or_default(:controller => ''welcome'', :action => ''index'') > end > > As I mentioned, I''m using a modified acts_as_authenticated plugin. > > --Michael > > > > >-- View this message in context: http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13241996 Sent from the RubyOnRails Users mailing list archive at Nabble.com. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Graff
2007-Oct-16 20:50 UTC
Re: Losing session variable with acts_as_authenticated
On 10/16/07, miss_michelle <mich-DaJ7z4UupfXFMxZ9eE8klg@public.gmane.org> wrote:> Sorry, what I mean is that I had put my login method inside my application > controller so it''s accessible to the rest of my controllers. If I leave my > login method in the account controller, my other controllers throw an > exception with the error "undefined method login".You should never have "login" run via the path /recipe/login, or /book/login, etc. probably -- you always want /account/login -- so login should be in account_controller.rb only. If you put it in app/controllers/application.rb, I believe it can be accessed via /recipe/login, etc. If you need to refer to it inside a different controller, you can always redirect to the login page: redirect_to :controller => :account, :action => :login> This is how I''m rendering the login box in the main layout:What you did looks basically the same as mine... Here''s my app/views/account/login.rhtml file: <div class="contentbody"> <% form_tag do -%> <p><label for="login">Login</label><br/> <%= text_field_tag ''login'' %></p> <p><label for="password">Password</label><br/> <%= password_field_tag ''password'' %></p> <p><%= submit_tag ''Log in'' %></p> <% end -%> </div><!-- contentbody --> This renders to: <div class="contentbody"> <form action="/account/login" method="post"><p><label for="login">Login</label><br/> <input id="login" name="login" type="text" /></p> <p><label for="password">Password</label><br/> <input id="password" name="password" type="password" /></p> <p><input name="commit" type="submit" value="Log in" /></p> </form></div><!-- contentbody --> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
miss_michelle
2007-Oct-16 21:15 UTC
Re: Losing session variable with acts_as_authenticated
I''m wondering why you''re login form is in a login.rhtml rather than a partial named _login.rhtml? When I try the <% form_tag do -%> it renders the action to go to the page that I''m current on, eg. /recipe/list. Basically, I''m trying to get the layout to be just like yours: login form included onto each page as a partial. But when I put the login method back into the application, my recipe controller is complaining about an undefined login method. Incidentally, trying to access the path /recipe/login results in an error because I have no layout page for that. Michael Graff-5 wrote:> > > On 10/16/07, miss_michelle <mich-DaJ7z4UupfXFMxZ9eE8klg@public.gmane.org> wrote: >> Sorry, what I mean is that I had put my login method inside my >> application >> controller so it''s accessible to the rest of my controllers. If I leave >> my >> login method in the account controller, my other controllers throw an >> exception with the error "undefined method login". > > You should never have "login" run via the path /recipe/login, or > /book/login, etc. probably -- you always want /account/login -- so > login should be in account_controller.rb only. If you put it in > app/controllers/application.rb, I believe it can be accessed via > /recipe/login, etc. > > If you need to refer to it inside a different controller, you can > always redirect to the login page: > > redirect_to :controller => :account, :action => :login > >> This is how I''m rendering the login box in the main layout: > > What you did looks basically the same as mine... > > Here''s my app/views/account/login.rhtml file: > > <div class="contentbody"> > <% form_tag do -%> > <p><label for="login">Login</label><br/> > <%= text_field_tag ''login'' %></p> > <p><label for="password">Password</label><br/> > <%= password_field_tag ''password'' %></p> > <p><%= submit_tag ''Log in'' %></p> > <% end -%> > </div><!-- contentbody --> > > This renders to: > > <div class="contentbody"> > <form action="/account/login" method="post"><p><label > for="login">Login</label><br/> > <input id="login" name="login" type="text" /></p> > <p><label for="password">Password</label><br/> > <input id="password" name="password" type="password" /></p> > <p><input name="commit" type="submit" value="Log in" /></p> > </form></div><!-- contentbody --> > > > > >-- View this message in context: http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13242535 Sent from the RubyOnRails Users mailing list archive at Nabble.com. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Graff
2007-Oct-16 23:51 UTC
Re: Losing session variable with acts_as_authenticated
My bad. I have two login forms actually -- that one is displayed when the user goes to /admin/login specifically. Here is the one I put in my sidebars, which appears on every page unless the user is logged in. And no I don''t have this in a partial either, but I probably should... <div id="login_form"> <% form_tag(:controller => "account", :action => "login") do %> <label for="login" class="lfield">Username</label> <%= text_field_tag(:login, params[:login], :size => 12, :class => "lfield") %> <p/> <label for="password" class="lfield">Password</label> <%= password_field_tag(:password, params[:password], :size => 12, :class => "lfield") %> <p/> <%= submit_tag "Log In", :class => "submit_button" %> <% end %> </div><!-- login_form --> This renders into: <div id="login_form"> <form action="/account/login" method="post"> <label for="login" class="lfield">Username</label> <input class="lfield" id="login" name="login" size="12" type="text" /> <p/> <label for="password" class="lfield">Password</label> <input class="lfield" id="password" name="password" size="12" type="password" /> <p/> <input class="submit_button" name="commit" type="submit" value="Log In" /> </form> </div><!-- login_form --> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
miss_michelle
2007-Oct-17 19:38 UTC
Re: Losing session variable with acts_as_authenticated
It turns out that I had been requiring the login method in a before_filter, which is why my application was breaking when I moved the login method back to the account controller. It works now... I''m able to log in from different pages, and it also fixed my session problem :) Thanks so much for your help! Michael Graff-5 wrote:> > > My bad. I have two login forms actually -- that one is displayed when > the user goes to /admin/login specifically. > > Here is the one I put in my sidebars, which appears on every page > unless the user is logged in. And no I don''t have this in a partial > either, but I probably should... > > <div id="login_form"> > <% form_tag(:controller => "account", :action => "login") do %> > <label for="login" class="lfield">Username</label> > <%= text_field_tag(:login, params[:login], :size => 12, :class => > "lfield") %> > <p/> > <label for="password" class="lfield">Password</label> > <%= password_field_tag(:password, params[:password], :size => 12, > :class => "lfield") %> > <p/> > <%= submit_tag "Log In", :class => "submit_button" %> > <% end %> > </div><!-- login_form --> > > This renders into: > > <div id="login_form"> > <form action="/account/login" method="post"> > <label for="login" class="lfield">Username</label> > <input class="lfield" id="login" name="login" size="12" > type="text" /> > <p/> > <label for="password" class="lfield">Password</label> > <input class="lfield" id="password" name="password" size="12" > type="password" /> > <p/> > <input class="submit_button" name="commit" type="submit" > value="Log In" /> > </form> > </div><!-- login_form --> > > > > >-- View this message in context: http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13261345 Sent from the RubyOnRails Users mailing list archive at Nabble.com. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---