Thread: Rails 2 sessions




Rails 2 sessions
user name
2007-12-16 06:31:35
Hi there,

I've just ported an application to new Rails 2.0 style, but I still have troubles with the session management. I used to have it stored in the database, but since this is such a simple application with less security impact, I wanted to use the new cookie store implementation of sessions. Also because I seem to be having other problems with sessions.

Basically my question is (I have looked on the Internet but couldn't really find the answers):

- How to start a session?
- How to end a session?

I now have done this:
- In config/environment.rb:
  config.action_controller.session = {
    :session_key => '_app_session',
    :secret      => '3fe8a511d2ccfce90c4177f1539b82cf31a85bbeae7711566747b93b7cba5744cb081777d6d2661b733685f1d5061c8b2f5c59e1a22c40bca0e085dac2357dcd'
  }

- In a RESTful authentications controller:
  # POST /admin/authentications
  def create
    authentication = Authentication.new(clean_hash(params[:authentication]))
    if authentication.valid? && authentication.is_administrator?
      session[:logged_on] = true
      success_page 'logged_on'
    else
      flash.now[:error] = 'invalid credentials'
      render :action => :new
    end
  end

  # DELETE /admin/authentications/1
  def destroy
    reset_session
    success_page 'logged off'
  end

My thoughts are "reset_session" isn't right, expiration isn't taken care of, etc. I get a message, for instance when I log off, it says:
ActionController::InvalidAuthenticityToken

To cut things short, what's going on? I've tried to read as much over new sessions, but at the moment I'm not happy, because I think something has changed with a lot of impact.

Any help would really be appreciated.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Ruby on Rails" group.
To post to this group, send email to rubyonrailsgooglegroups.com
To unsubscribe from this group, send email to rubyonrails-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/rubyonrails
-~----------~----~----~----~------~----~------~--~---


Re: Rails 2 sessions
user name
2007-12-18 12:30:50
I think I resolved this myself, there was still a line in application.rb that concerned session and which should only be set when using something else than the cookie store.

On Dec 16, 1:31 pm, Walter Horstman <wally...zonnet.nl> wrote:
> Hi there,
>
> I've just ported an application to new Rails 2.0 style, but I still have troubles with the session management. I used to have it stored in the database, but since this is such a simple application with less security impact, I wanted to use the new cookie store implementation of sessions. Also because I seem to be having other problems with sessions.
>
> Basically my question is (I have looked on the Internet but couldn't really find the answers):
>
> - How to start a session?
> - How to end a session?
>
> I now have done this:
> - In config/environment.rb:
>   config.action_controller.session = {
>     :session_key => '_app_session',
>     :secret      => '3fe8a511d2ccfce90c4177f1539b82cf31a85bbeae7711566747b93b7cba5744cb081777d6d2661b733685f1d5061c8b2f5c59e1a22c40bca0e085dac2357dcd'
>   }
>
> - In a RESTful authentications controller:
>   # POST /admin/authentications
>   def create
>     authentication = Authentication.new(clean_hash(params[:authentication]))
>     if authentication.valid? && authentication.is_administrator?
>       session[:logged_on] = true
>       success_page 'logged_on'
>     else
>       flash.now[:error] = 'invalid credentials'
>       render :action => :new
>     end
>   end
>
>   # DELETE /admin/authentications/1
>   def destroy
>     reset_session
>     success_page 'logged off'
>   end
>
> My thoughts are "reset_session" isn't right, expiration isn't taken care of, etc. I get a message, for instance when I log off, it says:
> ActionController::InvalidAuthenticityToken
>
> To cut things short, what's going on? I've tried to read as much over new sessions, but at the moment I'm not happy, because I think something has changed with a lot of impact.
>
> Any help would really be appreciated.
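On the expiration concern raised in the thread, an added example (not code from either post or from Rails itself): a simplified model of how a cookie session store signs its data with HMAC-SHA1 and the configured :secret, extended with an absolute expiry checked on every read. Assumptions: JSON stands in for the Marshal serialization Rails uses, the 'expires_at' key and all method names are hypothetical, and SECRET is a constructed value.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed secret for this example only; a real one must never be published.
SECRET = 'constructed-example-secret-' + 'x' * 40

# HMAC-SHA1 over the encoded payload, keyed with the session secret.
def digest(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Serialize and sign a session hash. The expiry (hypothetical 'expires_at' key)
# lives inside the signed data because a cookie store keeps no server-side state.
def pack_session(session, secret, now, ttl)
  payload = session.merge('expires_at' => now.to_i + ttl)
  data = Base64.strict_encode64(JSON.generate(payload))
  "#{data}--#{digest(data, secret)}"
end

# Constant-time comparison so the check does not reveal how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Return the session hash, or nil if the cookie is malformed, tampered with or expired.
def unpack_session(cookie, secret, now)
  data, mac = cookie.to_s.split('--', 2)
  return nil if data.nil? || mac.nil?
  return nil unless secure_compare(mac, digest(data, secret))
  session = JSON.parse(Base64.strict_decode64(data))
  return nil if session['expires_at'].to_i <= now.to_i
  session
rescue ArgumentError, JSON::ParserError
  nil
end

# Decoding needs no secret: the payload is signed, not encrypted.
def peek(cookie)
  JSON.parse(Base64.strict_decode64(cookie.split('--', 2).first))
end
```

Without a signed expiry, a cookie copied before logoff keeps verifying, because reset_session only replaces what the browser holds. Anyone holding the secret can produce a valid signature, so a secret that has appeared in public should be replaced.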

