On Mon, Jul 27, 2009 at 12:39 PM, Marcelo de Moraes
Serpa <celose...@gmail.com> wrote:
>
> So, it is not a matter of "checking the user is not authenticated",
> but of "setting the ground and making sure the user is not
> authenticated", which of course, means logging out the user on this
> given step to make sure it is really not-authenticated.

Yes, but POSTing to a logout action seems like overkill.  If a Web
request to a controller action is strictly required, your controllers
are probably doing too much.

The right answer depends on what "authentication" means in the context
of your app.  In most modern Rails authentication solutions there's a
concept of a session, and logging out means getting rid of that
session.  I like AuthLogic because it's simple; the session itself is
a model, and you can treat it as such:

    Given "I am not authenticated" do
      current_session.destroy if current_session
    end

Tweak based on whatever methods/helpers/etc. you're using to track the
current session.  In restful_authentication, there's a
logout_killing_session! method in the library file, which wraps some
loose code to forget cookies and such.



-- 
Have Fun,
   Steve Eley (sfe...@gmail.com)
   ESCAPE POD - The Science Fiction Podcast Magazine
   http://www.escapepod.org
_______________________________________________
rspec-users mailing list
rspec-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/rspec-users
