The logout strategy on page 172 of AWDWR doesn''t seem to do anything. I ended up creating the same thing on my own, then looked up how they did it in the book. I would expect it to update the session record to clear out the data column, and I would expect it to delete the cookie from the browser. It does neither. My logout button goes to a logout page, then redirects the login page so that the cookie should be deleted. I know I have gotten that to work in my other (non-Rails) apps. Am I missing something? -- gw --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
try something like this
def log_out
reset_session
redirect_to(''where_ever_you_want'')
end
this will reset the whole session.
On Nov 3, 4:55 am, Greg Willits
<li...-0Bv1hcaDFPRk211Z5VL+QA@public.gmane.org>
wrote:> The logout strategy on page 172 of AWDWR doesn''t seem to do
anything.
>
> I ended up creating the same thing on my own, then looked up how they
> did it in the book.
>
> I would expect it to update the session record to clear out the data
> column, and I would expect it to delete the cookie from the browser.
>
> It does neither.
>
> My logout button goes to a logout page, then redirects the login page
> so that the cookie should be deleted. I know I have gotten that to
> work in my other (non-Rails) apps.
>
> Am I missing something?
>
> -- gw
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Have you looked at acts_as_authenticated plugin? You get most of the functionality you are wanting for free, and extending it is really easy. -Bill On Nov 2, 2007, at 9:55 PM, Greg Willits wrote:> > The logout strategy on page 172 of AWDWR doesn''t seem to do anything. > > I ended up creating the same thing on my own, then looked up how they > did it in the book. > > I would expect it to update the session record to clear out the data > column, and I would expect it to delete the cookie from the browser. > > It does neither. > > My logout button goes to a logout page, then redirects the login page > so that the cookie should be deleted. I know I have gotten that to > work in my other (non-Rails) apps. > > Am I missing something? > > -- gw > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ah didn''t see that one. Perfect. Thanks. -- gw On Nov 3, 2007, at 8:25 AM, nas wrote:> try something like this > def log_out > reset_session > redirect_to(''where_ever_you_want'') > end > > this will reset the whole session. > > On Nov 3, 4:55 am, Greg Willits <li...-0Bv1hcaDFPRk211Z5VL+QA@public.gmane.org> wrote: >> The logout strategy on page 172 of AWDWR doesn''t seem to do anything. >> >> I ended up creating the same thing on my own, then looked up how they >> did it in the book. >> >> I would expect it to update the session record to clear out the data >> column, and I would expect it to delete the cookie from the browser. >> >> It does neither. >> >> My logout button goes to a logout page, then redirects the login page >> so that the cookie should be deleted. I know I have gotten that to >> work in my other (non-Rails) apps.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Nov 3, 2007, at 9:14 AM, William Pratt wrote:> Have you looked at acts_as_authenticated plugin? You get most of the > functionality you are wanting for free, and extending it is really > easy.I had a quick look. I chose to port a user management system I''ve developed through experience with intranet apps used in corp/gov/edu systems. I evolved it over several years. I work with some fairly complex rules systems governing what parts of a program (down to single buttons) and what data (down to specific fields) that people can access. Role based systems are far too inflexible for real-world, multi- organization, work-group use, so I''ve built up a system which combines the capabilities of roles, groups, ACL-like privileges, and data access filters. The filters are used to modify core application queries to apply additional WHERE clause constraints. The system also includes modular user profiles so it can manage multiple types of users (like teachers, parents, students) with a clean schema. The ACL list rules are defined by a very simple config which can be changed at any time and the UI adapts on the next page load. It also has all the usual password management rules you find in corp/ gov so I can: - expire a password after X days - start prompting the user to update a pswd within X days of expiration - maintain a password history so pswds can''t be the same as the last X ones used - require that pswds be made of up X types of chars or be Y long to be considred a passphrase - lock an account for X minutes if pswd entered Y times incorrectly There''s other attributes to the system as well. There''s more info on my current Lasso implementation here: http://www.pageblocks.org/ftrs/api_auth There''s a good chance I''ll share it when I get the port complete. -- greg willits --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---