On 17/12/2008, at 9:56 AM, James Byrne wrote:
Re: authlogin

Can someone familiar with this gem explain where and how the user_sessions are maintained? I have pawed through the code but it has left me rather more confused than not. The best inkling I can arrive at is that the authlogic persistence token is stored in the session data and that the UserSession model serially searches sessions for that token string in whatever store medium that the Rails application is using. However, I cannot seem to identify exactly where and how this is done in the code. Advice would be welcome.

G'day James. I know this was like 2 months ago, but I finally got around to reading the rest of this thread.

The last version of Authlogic that I used was 1.0.1, so things might have changed a bit since then. Nonetheless...

Authlogic uses a model called UserSession to deal with login sessions. If you have a look at UserSessionsController, you'll see that there are only three methods:
  * new
  * create
  * destroy

When a user wants to log in, they call UserSessionsController#new, which renders a login form. The login form submits to UserSessionsController#create, which authenticates the user. If successful, the session is saved, which causes the application to consider the user "logged-in".

When a user wants to log out, they simply visit UserSessionsController#destroy. This kills their UserSession object, which results in the application considering them as "not logged-in".

I hope that helps. If you have other questions, feel free to post here, or email me privately, or email Authlogic's author; he's quite friendly.

Cheers,
Nick
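
As an added illustration (not part of Nick's message and not Authlogic's code), here is a plain-Ruby model of the flow described above: create saves a token into the caller's session, each later request maps that token to a user, and destroy removes it from that one session. ToyUser, ToyUserSessions and the :user_credentials key are assumed names, and keeping the persistence token in the session is the assumption James states in his question.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for the User model; not Authlogic's code.
class ToyUser
  attr_reader :login, :persistence_token

  def initialize(login, password)
    @login = login
    @salt = SecureRandom.hex(16)
    @digest = kdf(password)
    @persistence_token = SecureRandom.hex(64)
  end

  # Compares the two equal-length digests without an early exit.
  def valid_password?(password)
    @digest.bytes.zip(kdf(password).bytes).sum { |a, b| a ^ b }.zero?
  end

  private def kdf(password)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: @salt, iterations: 10_000,
                             length: 32, hash: "sha256")
  end
end

# Model of create/destroy plus the per-request lookup; `session` stands for
# the session hash Rails gives each browser.
class ToyUserSessions
  KEY = :user_credentials # assumed session key name

  def initialize(users)
    @users = users
  end

  # "create": authenticate, then save the token into this browser's session.
  def create(session, login, password)
    user = @users.find { |u| u.login == login }
    return false unless user&.valid_password?(password)
    session[KEY] = user.persistence_token
    true
  end

  # Later requests: go from this session's token to the user, not the reverse.
  def current_user(session)
    @users.find { |u| u.persistence_token == session[KEY] } if session[KEY]
  end

  # "destroy": drop the token from this session only.
  def destroy(session)
    session.delete(KEY)
  end
end
```

In this model two sessions for the same user are independent: destroying one leaves the other logged in, and a failed create writes nothing to the session.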