| Class | SessionsController |
| In: | app/controllers/sessions_controller.rb |
| Parent: | ApplicationController |
A singular resource that manages the actual login and logout process: a login creates a session and a logout destroys one.
Note that this "session" is the login session, not the Rails session used to store temporary data (although on logout the entire Rails session is cleared as well; this behavior might change in the future).
Processes a login
```ruby
# File app/controllers/sessions_controller.rb, line 21
def create
  # username_field is a helper defined elsewhere in the plugin (the configured login column)
  username = params[:user][username_field]
  @user = User.find :first, :conditions => ["#{username_field} = ?", username]

  if @user && @user.authenticate(params[:user][:password])
    # Persistent login: the cookie carries "<user id>;<token>", the token is stored on the user
    cookies[:remember_me] = {
      :value   => "#{@user.id};#{@user.assign_token('remember me')}",
      :expires => 10.years.from_now # That should be long enough :)
    } if params[:user][:remember_me]
    @user.save!

    # To prevent session fixation (a session id set before login being reused after it):
    # throw away the pre-login session, keeping only the return location
    return_location = session[:return_location]
    reset_session
    session[:return_location] = return_location
    session[:uid] = @user.id
    flash[:notice] = 'Login Successful'
    redirect_to_successful_login and return
  end

  # On failure, re-populate the form with the submitted username
  @user = User.new username_field.to_sym => username if @user.nil?
  flash[:warning] = 'Username/Password Incorrect'
  render :action => 'new'
end
```
User logout. We assume the whole session should be cleared out (including session data). If this is not the case, override this action in the application.
```ruby
# File app/controllers/sessions_controller.rb, line 49
def destroy
  reset_session                 # discards all session data, not only the login
  cookies.delete :remember_me   # expires the persistent-login cookie (assigning nil only blanks its value)

  url = if request.relative_url_root.blank?
    '/'
  else
    request.relative_url_root
  end
  # An application may define LOGOUT_LOCATION to override the post-logout redirect
  url = LOGOUT_LOCATION if Object.const_defined? 'LOGOUT_LOCATION'
  redirect_to url
end
```