Rails - Oct 2007 - Losing session variable with acts_as_authenticated

Hi,

I initially set up acts_as_authenticated to require a user login before
accessing and updating pages on my recipe site. This worked fine with no
problems with the user session.

Now, I have changed the setup so that a few pages are available to the
public, while others that involve create/update/delete actions require a
user that is logged in. So I created a login form as a partial to include on
every single page. The sign in form displays if not logged in; if the user
is logged in it will display a welcome message to the user.

Now I''m encountering problems where my session[:user] variable gets
reset to
nil whenever I do a post request. I still have the session, but I just lose
the variable, and find myself having to explicitly send the user ID as
hidden input and re-assign the session[:user] variable.  Has anyone
encountered this problem, or have any idea why this would be happening?

Thanks in advance.
-- 
View this message in context:
http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13206124
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I am using exactly this trick on my http://eq2guild.flame.org/ site,
and have experienced no problems with it.

Can you compare the html code on that opening page with what you have
in yours?  I can send you my controller snipit if it will help.

--Michael

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi Michael,

Thanks for your reply.  Our login forms are pretty much the same except that
your form calls on the /account/login action, whereas mine calls on /recipe
(I had put my login action in my application controller so that it would be
accessible to all my controllers).

This is how I generated it in my view: <% form_for :login, login do %>

It works on my /recipe page, but I just recently noticed that I can''t
log in
from my other pages.

Aside from that issue, it would be great if I could take a look at your
controller code. To me, it doesn''t really seem like any of my
update/edit
actions for recipes explicitly change any session variables (except when I
have to re-assign my session[:user] variable to keep the user logged in).

Michelle



Michael Graff-5 wrote:
> 
> 
> I am using exactly this trick on my http://eq2guild.flame.org/ site,
> and have experienced no problems with it.
> 
> Can you compare the html code on that opening page with what you have
> in yours?  I can send you my controller snipit if it will help.
> 
> --Michael
> 
> > 
> 
> 
-- 
View this message in context:
http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13238698
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Wait, you have your login method in all your controllers?  May I ask why?  :)

It seems that having one definite action to log one in is a very good
thing.  That is, /login or /account/login or /log_me_in should be the
only controller/action with a login method.  After all, you don''t log
into a recipe, do you?  :)

If you require a user to log in before they do certain operations,
that''s also easily done:

class ToonController < ApplicationController
  before_filter :login_required, :except => [ :list,
                                              :show,
                                              :show_avatar,
                                              :classes,
                                              :tradeskills ]

Or, in each method:

  def new
    if !logged_in?
      flash[:notice] = ''You cannot create characters without logging
in.''
      redirect_to :action => "list"
    else
      @toon = Toon.new
    end
  end


My account controller:

class AccountController < ApplicationController
  def login
    return unless request.post?
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      redirect_back_or_default(:controller => ''welcome'',
:action => ''index'')
      flash[:notice] = "Logged in successfully"
    end
  end

  def logout
    cookies.delete :auth_token
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_back_or_default(:controller => ''welcome'',
:action => ''index'')
  end

As I mentioned, I''m using a modified acts_as_authenticated plugin.

--Michael

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Sorry, what I mean is that I had put my login method inside my application
controller so it''s accessible to the rest of my controllers. If I leave
my
login method in the account controller, my other controllers throw an
exception with the error "undefined method login".

My login and logout methods otherwise look similar to yours (they''re
unmodified from acts_as_authenticated).

This is how I''m rendering the login box in the main layout:

<%= render :partial => ''account/login'', :locals => {
:current_user =>
@current_user }  %>

_login.rhtml (I just changed it so that login is now back in the account
controller):

<% if flash[:notice] %>
	<%= flash[:notice] %>
<% end %> 

<% if logged_in? %>
	<%= ''Welcome, '' + current_user.first_name + "!
&raquo; " %>
	<%= link_to ''Logout'', :controller =>
''account'', :action => ''logout'' %>
<% else %>
	<% form_tag "/account/login" method="post" %>
	<p><label for="login">Login</label><br/>
	<%= text_field_tag ''login'', login %></p>

	<p><label
for="password">Password</label><br/>
	<%= password_field_tag ''password'' %></p>
	
	<p><label for="remember_me">Remember me:</label>
	<%= check_box_tag ''remember_me'' %></p>
	
	<p><%= submit_tag ''Log in'' %></p>
	<% end %>
<% end %>





Michael Graff-5 wrote:
> 
> 
> Wait, you have your login method in all your controllers?  May I ask why? 
> :)
> 
> It seems that having one definite action to log one in is a very good
> thing.  That is, /login or /account/login or /log_me_in should be the
> only controller/action with a login method.  After all, you don''t
log
> into a recipe, do you?  :)
> 
> If you require a user to log in before they do certain operations,
> that''s also easily done:
> 
> class ToonController < ApplicationController
>   before_filter :login_required, :except => [ :list,
>                                               :show,
>                                               :show_avatar,
>                                               :classes,
>                                               :tradeskills ]
> 
> Or, in each method:
> 
>   def new
>     if !logged_in?
>       flash[:notice] = ''You cannot create characters without
logging in.''
>       redirect_to :action => "list"
>     else
>       @toon = Toon.new
>     end
>   end
> 
> 
> My account controller:
> 
> class AccountController < ApplicationController
>   def login
>     return unless request.post?
>     self.current_user = User.authenticate(params[:login],
> params[:password])
>     if logged_in?
>       redirect_back_or_default(:controller =>
''welcome'', :action =>
> ''index'')
>       flash[:notice] = "Logged in successfully"
>     end
>   end
> 
>   def logout
>     cookies.delete :auth_token
>     reset_session
>     flash[:notice] = "You have been logged out."
>     redirect_back_or_default(:controller => ''welcome'',
:action => ''index'')
>   end
> 
> As I mentioned, I''m using a modified acts_as_authenticated plugin.
> 
> --Michael
> 
> > 
> 
> 
-- 
View this message in context:
http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13241996
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 10/16/07, miss_michelle <mich-DaJ7z4UupfXFMxZ9eE8klg@public.gmane.org>
wrote:
> Sorry, what I mean is that I had put my login method inside my application
> controller so it''s accessible to the rest of my controllers. If I
leave my
> login method in the account controller, my other controllers throw an
> exception with the error "undefined method login".
You should never have "login" run via the path /recipe/login, or
/book/login, etc. probably -- you always want /account/login -- so
login should be in account_controller.rb only.  If you put it in
app/controllers/application.rb, I believe it can be accessed via
/recipe/login, etc.

If you need to refer to it inside a different controller, you can
always redirect to the login page:

  redirect_to :controller => :account, :action => :login
> This is how I''m rendering the login box in the main layout:
What you did looks basically the same as mine...

Here''s my app/views/account/login.rhtml file:

<div class="contentbody">
<% form_tag do -%>
<p><label for="login">Login</label><br/>
<%= text_field_tag ''login'' %></p>
<p><label for="password">Password</label><br/>
<%= password_field_tag ''password'' %></p>
<p><%= submit_tag ''Log in'' %></p>
<% end -%>
</div><!-- contentbody -->

This renders to:

<div class="contentbody">
<form action="/account/login"
method="post"><p><label
for="login">Login</label><br/>
<input id="login" name="login" type="text"
/></p>
<p><label for="password">Password</label><br/>
<input id="password" name="password"
type="password" /></p>
<p><input name="commit" type="submit"
value="Log in" /></p>
</form></div><!-- contentbody -->

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I''m wondering why you''re login form is in a login.rhtml rather
than a partial
named _login.rhtml? When I try the <% form_tag do -%> it renders the
action
to go to the page that I''m current on, eg. /recipe/list.

Basically, I''m trying to get the layout to be just like yours: login
form
included onto each page as a partial. But when I put the login method back
into the  application, my recipe controller is complaining about an
undefined login method. Incidentally, trying to access the path
/recipe/login results in an error because I have no layout page for that.



Michael Graff-5 wrote:
> 
> 
> On 10/16/07, miss_michelle
<mich-DaJ7z4UupfXFMxZ9eE8klg@public.gmane.org> wrote:
>> Sorry, what I mean is that I had put my login method inside my
>> application
>> controller so it''s accessible to the rest of my controllers.
If I leave
>> my
>> login method in the account controller, my other controllers throw an
>> exception with the error "undefined method login".
> 
> You should never have "login" run via the path /recipe/login, or
> /book/login, etc. probably -- you always want /account/login -- so
> login should be in account_controller.rb only.  If you put it in
> app/controllers/application.rb, I believe it can be accessed via
> /recipe/login, etc.
> 
> If you need to refer to it inside a different controller, you can
> always redirect to the login page:
> 
>   redirect_to :controller => :account, :action => :login
> 
>> This is how I''m rendering the login box in the main layout:
> 
> What you did looks basically the same as mine...
> 
> Here''s my app/views/account/login.rhtml file:
> 
> <div class="contentbody">
> <% form_tag do -%>
> <p><label for="login">Login</label><br/>
> <%= text_field_tag ''login'' %></p>
> <p><label
for="password">Password</label><br/>
> <%= password_field_tag ''password'' %></p>
> <p><%= submit_tag ''Log in'' %></p>
> <% end -%>
> </div><!-- contentbody -->
> 
> This renders to:
> 
> <div class="contentbody">
> <form action="/account/login"
method="post"><p><label
> for="login">Login</label><br/>
> <input id="login" name="login" type="text"
/></p>
> <p><label
for="password">Password</label><br/>
> <input id="password" name="password"
type="password" /></p>
> <p><input name="commit" type="submit"
value="Log in" /></p>
> </form></div><!-- contentbody -->
> 
> > 
> 
> 
-- 
View this message in context:
http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13242535
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

My bad.  I have two login forms actually -- that one is displayed when
the user goes to /admin/login specifically.

Here is the one I put in my sidebars, which appears on every page
unless the user is logged in.  And no I don''t have this in a partial
either, but I probably should...

<div id="login_form">
  <% form_tag(:controller => "account", :action =>
"login") do %>
    <label for="login"
class="lfield">Username</label>
    <%= text_field_tag(:login, params[:login], :size => 12, :class =>
"lfield") %>
    <p/>
    <label for="password"
class="lfield">Password</label>
    <%= password_field_tag(:password, params[:password], :size => 12,
:class => "lfield") %>
    <p/>
    <%= submit_tag "Log In", :class => "submit_button"
%>
  <% end %>
</div><!-- login_form -->

This renders into:

<div id="login_form">
   <form action="/account/login" method="post">
        <label for="login"
class="lfield">Username</label>
        <input class="lfield" id="login"
name="login" size="12" type="text" />
        <p/>
        <label for="password"
class="lfield">Password</label>
        <input class="lfield" id="password"
name="password" size="12"
type="password" />
        <p/>
        <input class="submit_button" name="commit"
type="submit"
value="Log In" />
    </form>
</div><!-- login_form -->

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

It turns out that I had been requiring the login method in a before_filter,
which is why my application was breaking when I moved the login method back
to the account controller. It works now... I''m able to log in from
different
pages, and it also fixed my session problem :) 

Thanks so much for your help!



Michael Graff-5 wrote:
> 
> 
> My bad.  I have two login forms actually -- that one is displayed when
> the user goes to /admin/login specifically.
> 
> Here is the one I put in my sidebars, which appears on every page
> unless the user is logged in.  And no I don''t have this in a
partial
> either, but I probably should...
> 
> <div id="login_form">
>   <% form_tag(:controller => "account", :action =>
"login") do %>
>     <label for="login"
class="lfield">Username</label>
>     <%= text_field_tag(:login, params[:login], :size => 12, :class
=>
> "lfield") %>
>     <p/>
>     <label for="password"
class="lfield">Password</label>
>     <%= password_field_tag(:password, params[:password], :size => 12,
> :class => "lfield") %>
>     <p/>
>     <%= submit_tag "Log In", :class =>
"submit_button" %>
>   <% end %>
> </div><!-- login_form -->
> 
> This renders into:
> 
> <div id="login_form">
>    <form action="/account/login" method="post">
>         <label for="login"
class="lfield">Username</label>
>         <input class="lfield" id="login"
name="login" size="12"
> type="text" />
>         <p/>
>         <label for="password"
class="lfield">Password</label>
>         <input class="lfield" id="password"
name="password" size="12"
> type="password" />
>         <p/>
>         <input class="submit_button" name="commit"
type="submit"
> value="Log In" />
>     </form>
> </div><!-- login_form -->
> 
> > 
> 
> 
-- 
View this message in context:
http://www.nabble.com/Losing-session-variable-with-acts_as_authenticated-tf4624255.html#a13261345
Sent from the RubyOnRails Users mailing list archive at Nabble.com.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---