
Action Pack Sessions and Architecture

In this twelfth part of a multi-part series on the Action Pack library for Rails, we'll focus on the architecture of Rails and how the system handles session data. This article is excerpted from chapter six of the book Beginning Rails: From Novice to Professional, written by Jeffery Allan Hardy, Cloves Carneiro Jr. and Hampton Catlin (Apress; ISBN: 1590596862).

Author Info:
By: Apress Publishing
June 16, 2011

Action Pack Sessions and Architecture - Using the Session
(Page 2 of 2 )

Secure in the knowledge that Rails will take care of all the low-level details of sessions for us, using the session object couldn't be easier. The session is implemented as a hash, just like the flash. We should come clean here. The flash is, in fact, a session in disguise (you can think of it as a specialized session due to its auto-expiring properties). Not surprisingly, then, the flash and session interfaces are identical. We store values in the session according to a key.

session[:account_id] = @account.id
session[:account_id] # => 1

session['message'] = "Hello world!"
session['message'] # => "Hello world!"

Logging In a User

Now we can return to our new actions, starting with login. Here, you'll see the session object in action (no pun intended).

def login
  if request.post?
    if user = User.authenticate(params[:login], params[:password])
      session[:user_id] = user.id
      redirect_to events_url
    else
      flash[:notice] = 'Invalid login/password combination'
    end
  end
end

First, we check to see if the request method is of the POST variety, which would indicate that the login form had been posted. If it's a GET, meaning no form data has been posted, we just want to render the login template, which will happen automatically since we're not sending any other response. If we have a POST, though, we use the authenticate class method from our User model to attempt a login (see Listing 5-28 in Chapter 5).

Remember that authenticate returns a User object if the authentication succeeds; otherwise it returns false. Therefore, we can perform our conditional and our assignment in one shot using if user = User.authenticate(params[:login], params[:password]). If the assignment takes place, we want to store a reference to this user so we can keep the user logged in, a perfect job for the session if there ever was one.

session[:user_id] = user.id

Notice that we don't need to store the entire User object in session. We store just a reference to the user's id. Why wouldn't we want to store the entire User object? Well, think about this for a minute: what if the user is stored in session and then that user later changes her login? The old login would remain in the session and would therefore be stale. This can cause further problems if the underlying User model changes. Your entire object could become stale, potentially causing a NoMethodError when accessing attributes that didn't exist on the model at the time it was placed in session. The best bet is to just store the id.

With a reference to the logged-in user safely stored in session, we can redirect to the events controller.
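
The staleness problem described above, as an added example that is not from the book or from Rails: a session holding the whole User object is compared with one holding only the id, after the user changes her login. It goes one step past the text by also removing the account. UserTable, next_request, current_user and compare_session_strategies are hypothetical names, and a Marshal round-trip stands in for the session store.

```ruby
# Added example: plain-Ruby stand-ins, not Rails and not the book's code.
User = Struct.new(:id, :login)

# Constructed in-memory "users table"; rows are kept serialized so each
# find returns a fresh copy, the way a database query would.
class UserTable
  def initialize
    @rows = {}
  end

  def save(user)
    @rows[user.id] = Marshal.dump(user)
    user
  end

  def find_by_id(id)
    raw = @rows[id]
    raw && Marshal.load(raw)
  end

  def delete(id)
    @rows.delete(id)
  end
end

# A session is serialized at the end of one request and loaded at the next.
def next_request(session)
  Marshal.load(Marshal.dump(session))
end

# Hypothetical helper: resolve the stored id again on every request.
def current_user(session, users)
  id = session[:user_id]
  id && users.find_by_id(id)
end

def compare_session_strategies
  users = UserTable.new
  alice = users.save(User.new(1, "alice"))
  by_object = next_request({ user: alice })       # whole object stored
  by_id = next_request({ user_id: alice.id })     # reference only
  renamed = users.find_by_id(1)
  renamed.login = "alice2"                        # she changes her login
  users.save(renamed)
  result = { object_login: by_object[:user].login,
             id_login: current_user(by_id, users).login }
  users.delete(1)                                 # account is removed
  result.merge(object_after_delete: by_object[:user].login,
               id_after_delete: current_user(by_id, users))
end
```

The object-based session keeps answering with the old login even after the account is gone, while the id-based lookup returns the new login and then nil.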
