search for: reset_session

...prompt for the login screen, but the behavioius is different, it does not prompt for login page, it goes to the current screen where it was before the server went down. I guess what is happening is :user_id is still present in the Browser''s Session, since we did not explicity call a reset_session which we do in case of log-out since the server was killed abruptly. and that i guess is the reason when the server is re-started it still finds the :user_id in the session and happily moves forward. I''m using MYSQL DB.. Any way to solve the above problem? What i''m going wron...

I''m going to explicitly time out sessions if they''re idle more than X minutes. Like online banking sites do. How do I set things up so that, when a session expires, a set of database records and a set of files that may have been created (which are identified via a seperate set of database records) are deleted just before the session data? TIA, Bill

My code that acts if a session has timed out looks like this: reset_session session[:expires_at] = nil # TODO - This flash is never shown, because we redirect maybe? flash[:error] = ''Your session has timed out, please login to continue.'' # An attempt to make flash stick around, not working flash.keep redirect_to :controller => ''se...

Just a question and an FYI I just installed rails and acts_as_authenticated and was setting up a site. Everything works fine except that in the AccountController that I generated the calls to the routine redirect_back_or_default don''t work because the call just before it to reset_session clears the session[:return_to] that the method uses to set where it will redirect. I ended up adding a version of redirect_back_or_default to the account controller that works for me (and as a benefit it keeps me from having to set session[:return_to] which stunk) def redirect_back_or_default(def...

...ion should have timed out. # Check to see if the user has been inactive for longer than the # expiry period. If they have, reset the session. def check_timeout if session[:expires_at] != nil @time_left = (session[:expires_at] - Time.now).to_i unless @time_left > 0 reset_session # TODO - This flash is never shown, because we redirect maybe? flash[:error] = ''Your session has timed out, please login to continue.'' redirect_to :controller => ''security'', :action => ''login'' and return false...

There''s got to be a simple answer to this... def logout reset_session flash[:notice] = "Logged out" redirect_to :action => ''index'' end The flash never shows up, and doesn''t seem to be in the new session. --Al Evans -- Posted via http://www.ruby-forum.com/.

All, Version 1.0.8 of the salted hash login generator is available. This contains a few minor bug fixes with the generator plus some README clarifications. If you are successfully running with the code already, you probably do not need this. Joe

Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would

...ction => ''profile'', :id => session[:user_id].band.id else redirect_to :controller => ''venue'', :action => ''profile'', :id => session[:user_id].venue.id end end else reset_session flash[:message] = "Incorrect Username and/or password." redirect_to :action=>''login'' end end end That''s pretty ugly! Is there a better way to do this? Is there the equiv. of a "case" or "switch" stat...

I do not seem to understad what this error is about. Some body help. wrong number of arguments (1 for 2) RAILS_ROOT: C:/INSTAN~1/rails_apps/project/config/.. Application Trace | Framework Trace | Full Trace #{RAILS_ROOT}/app/controllers/user_controller.rb:10:in `authenticate'' #{RAILS_ROOT}/app/controllers/user_controller.rb:10:in `process_login''

hi list, how to iterate over the Session object to reset all session keys (after a logout for example) session[''something'']=nil session[''another_key'']=nil ... is there something like session.keys{|aSessionKey| session[aSessionKey]=nil} ? thanks arnaud

....... kindly give ur views pls... after logging into the application,i redirect to company list page.now when user clicks the browser back button it should show the login page.that is i want to destroy the session.so in my login controller i have written code below. def log_in if request.get? reset_session end end in my routes.rb map.root :controller => "login",:action => "log_in" but when i click browser back button it shows login page but it doesnot go to the log_in action. Any helps .... Thanks a bunch -- Posted via http://www.ruby-forum.com/.

...n wasn''t available. Remember to require classes for all objects kept in the session. The session has been deleted.> Moreover, after having changed the model of the class, I''m not able to do anything! The initial controller also raise the error, so I cannot call it to perform a reset_session Thanks Massimo > -----Original Message----- > From: Dave Ringoen [mailto:email-aMBdsrFCgW+KfZpkr/XK+Q@public.gmane.org] > Sent: 19 February 2005 01:21 > To: rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > Subject: [Rails] Relocating the directory for ruby_sess.* fi...

...er''s id during this session redirect_to session[:return_to] || ''/'' else flash[:error] = ''Invalid login.'' redirect_to :action => ''login'', :username => params[:user][:username] end end def logout reset_session flash[:message] = ''You are now logged out.'' redirect_to :action => ''login'' end I''ve attempted to login using a validated account that I set up but can''t seem to get passed the process_login. It doesn''t seem to attempt...

Hi I am new to ruby and trying to obtain the user name in the login index.rhtml where I could display "You have logged in [user name]" How could I do this? I have been trying different options after reading the ruby manual but still throw an error. please help -- Posted via http://www.ruby-forum.com/.

I understand that a session is server side, and not externally visible. For this reason can it be used to store a User class (username/ hashed password) safely? Or do I need to check whats in the session against the user table every time I access a controller? Many thanks, P. -- Posted via http://www.ruby-forum.com/.

Hi, I''m new to Ruby/RoR so please bare with me! I''m trying to adapt a ruby setup where someone logs in to a bonjour service via a web browser. I have the login screen which asks for host and password. There is only one user per host and i can log in fine. It''s suppose to redirect me to /list in my browser but doesn''t. Once i''ve entered the correct

Hi all, I hope someone can help with what is probably a simple newb installation mistake on my part. I''m having a couple of problems with the salted hash login generator. I installed it following the quickstart guide, and the unit tests work like a charm. There are two errors and a failure on the function tests, though; the verified field seems to be involved in at least one of

So how do you work with cookies properly in rspec now? I noticed in the docs that it mentions session, assigns, and flash, but nothing of cookie. I''m using edge rails so I''m concerned about changes to the cookie mechanisms. I need to assign values into the cookie (a remember token for restful authentication) so that I can have it log in by cookie. here is my spec

...n["return_to"]) @session["return_to"] = nil else redirect_to :controller => "weblog" end else flash["alert"] = "Login failed!" redirect_to :action => "index" end end def logout reset_session flash["alert"] = "Logged out" redirect_to :action => "index" end end 3)The model that does authentication: class Person < ActiveRecord::Base def self.authenticate(name, password) find(:first, :conditions => [ "name = ? AND password...