I've got several Rails 2.1 apps using a variant of
restful_authentication to manage logins/sessions (actually the guts
from Beast but it's basically restful_authentication). The apps store
sessions in cookies per 2.1 default. The apps set two cookies -- the
session cookie and a "login_token" cookie that gets set thus:

    cookies[:login_token] = {:value => "#{current_user.id};#{current_user.reset_login_key!}",
                             :expires => 1.year.from_now.utc} if params[:remember_me] == "1"

The problem is that logged-in users who then close their browsers have
to re-login when they re-launch their browsers even when the browsers
are set to keep cookies until they expire -- which shouldn't happen
because the login_token cookie expires one year in the future. When
their browsers are left open, the users remain logged in and the sites
function perfectly normally. Checking these cookies in the browser
confirms that they appear to be set/sent correctly.

What could cause this behavior? I've thought of:

- session storage location -- but moving sessions back to
  active_record doesn't fix this
- login_token cookie lacks a :domain setting -- but setting this
  resulted in the login_token no longer showing up in the browser and
  didn't affect the problem
- mongrel_cluster -- the sites where this problem happens are running
  mongrel_clusters with several mongrels each -- while I have one site
  where the login persists as expected and has only a single mongrel in
  front of it -- but otherwise uses the same login/session code

Could this really be a mongrel_cluster issue? What else could be going
on? This seems really weird, but also probably something really simple
and I'm just blind.

Thanks in advance for any pointers!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Perhaps look at how the new restful_authentication
http://github.com/technoweenie/restful_authentication does it and see if
you can understand that.

-----
Ryan Bigg
Freelancer
http://frozenplague.net

On 25/11/2008, at 11:38 AM, Stan Kaufman wrote:
>
> I've got several Rails 2.1 apps using a variant of
> restful_authentication to manage logins/sessions (actually the guts
> from Beast but it's basically restful_authentication). The apps store
> sessions in cookies per 2.1 default. The apps set two cookies -- the
> session cookie and a "login_token" cookie that gets set thus:
>
>     cookies[:login_token] = {:value => "#{current_user.id};#{current_user.reset_login_key!}",
>                              :expires => 1.year.from_now.utc} if params[:remember_me] == "1"
>
> The problem is that logged-in users who then close their browsers have
> to re-login when they re-launch their browsers even when the browsers
> are set to keep cookies until they expire -- which shouldn't happen
> because the login_token cookie expires one year in the future. When
> their browsers are left open, the users remain logged in and the sites
> function perfectly normally. Checking these cookies in the browser
> confirms that they appear to be set/sent correctly.
>
> What could cause this behavior? I've thought of:
>
> - session storage location -- but moving sessions back to
>   active_record doesn't fix this
> - login_token cookie lacks a :domain setting -- but setting this
>   resulted in the login_token no longer showing up in the browser and
>   didn't affect the problem
> - mongrel_cluster -- the sites where this problem happens are running
>   mongrel_clusters with several mongrels each -- while I have one site
>   where the login persists as expected and has only a single mongrel in
>   front of it -- but otherwise uses the same login/session code
>
> Could this really be a mongrel_cluster issue? What else could be going
> on? This seems really weird, but also probably something really simple
> and I'm just blind.
>
> Thanks in advance for any pointers!

The one thing that jumps out at me is you are setting the time to UTC in
the cookie. I am pretty sure Rails does this for you automatically, but
am not 100% certain. I know for my cookies I do not have to do this and
it works fine:

    cookies[:name] = {:value => "value", :expires => 1.year.from_now}

Lastly, you might want to check out Authlogic as it is a simple way to
get authentication into your app:

http://github.com/binarylogic/authlogic/tree/master
--
Posted via http://www.ruby-forum.com/.

Thanks for the suggestions! Clearly restful_authentication and authlogic
have moved the ball far downfield from where Beast was playing back in
the day.

It's looking as if this might be more of a browser issue, though. My
sites (and http://beast.caboo.se/ for that matter) DO retain logins
between browser restarts sometimes. So it's hard to imagine that this is
a server-side matter...
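
One way to separate the server-side from the browser-side explanations raised in this thread is to inspect the raw Set-Cookie headers the app emits and classify each cookie the way a browser would. The Ruby sketch below is an added example, not code from any poster or from restful_authentication; the host names, cookie values and header strings are constructed samples, and the method names are hypothetical.

```ruby
require 'time'

# Split one Set-Cookie header value into name, value and lowercased attributes.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip)
  name, value = pair.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    key, val = attr.split('=', 2)
    h[key.downcase] = val.nil? ? true : val
  end
  { name: name, value: value, attributes: attributes }
end

# A cookie outlives the browser session only with a positive Max-Age
# or an Expires date in the future; otherwise it is a session cookie.
def persistent?(cookie, now)
  max_age = cookie[:attributes]['max-age']
  return max_age.to_i > 0 if max_age.is_a?(String)
  expires = cookie[:attributes]['expires']
  expires.is_a?(String) && Time.parse(expires) > now
rescue ArgumentError
  false # unparseable date: treat as a session cookie
end

# Browsers discard a cookie whose Domain attribute does not match the
# request host, which looks like "the cookie no longer shows up".
def domain_accepted?(cookie, request_host)
  domain = cookie[:attributes]['domain']
  return true unless domain.is_a?(String) # host-only cookie
  domain = domain.downcase.sub(/\A\./, '')
  host = request_host.downcase
  host == domain || host.end_with?(".#{domain}")
end

def diagnose(header, request_host, now)
  cookie = parse_set_cookie(header)
  return :rejected_domain_mismatch unless domain_accepted?(cookie, request_host)
  persistent?(cookie, now) ? :survives_restart : :dropped_on_browser_close
end

# Constructed sample data (not captured from the apps in this thread).
SAMPLE_NOW = Time.utc(2008, 11, 25, 0, 38, 0)
SAMPLE_HEADERS = [
  '_app_session=constructed-session-data; path=/',
  'login_token=42%3Bconstructedkey; path=/; expires=Wed, 25 Nov 2009 00:38:00 GMT',
  'login_token=42%3Bconstructedkey; domain=.example.org; path=/; expires=Wed, 25 Nov 2009 00:38:00 GMT'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each { |h| puts "#{diagnose(h, 'www.example.com', SAMPLE_NOW)}  #{h}" }
end
```

If login_token is reported as surviving a restart while the session cookie is dropped, the next thing to check is whether every backend instance reads the login_token back and re-establishes the session on the first request after the browser reopens.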