Home arrow Ruby-on-Rails arrow Page 2 - More on Action Pack Partial Templates

More on Action Pack Partial Templates

In this eleventh part of a series on the Action Pack library for Rails, you'll learn another way to assign local variables inside a partial template, and how to control the logging in and out of users. This article is excerpted from chapter six of the book Beginning Rails: From Novice to Professional, written by Jeffery Allan Hardy, Cloves Carneiro Jr. and Hampton Catlin (Apress; ISBN: 1590596862).

Author Info:
By: Apress Publishing
Rating: 5 stars5 stars5 stars5 stars5 stars / 1
June 02, 2011
  1. · More on Action Pack Partial Templates
  2. · Adding the Login and Logout Actions

print this article

More on Action Pack Partial Templates - Adding the Login and Logout Actions
(Page 2 of 2 )

Our users controller needs to serve another important function: controlling the logging in and out of users. To accomplish this, we’ll create two new actions: login and logout . The login action has an associated view template; the logout action does not. Listing 6-12 shows the new actions.


Listing 6-12. Login and Logout Actions Added to app/controllers/users_controller.rb

def login if request.post?

if user = User.authenticate(params[:login], params[:password] ) session[:user_id] = user.id redirect_to events_url

else flash[:notice] = 'Invalid login/password combination' end end end

def logout session[:user_id] = nil redirect_to login_url


We’ll take a closer look at the login and logout actions soon, but before we go any further, we need to take a minute to talk about sessions.

Lying in State

Here’s the thing: HTTP is stateless. In short, that means that each and every request you make across the HTTP protocol is autonomous. The web server has no idea that it has talked to your browser before; each request is like a blind date. Given this tidbit of infor mation, you might be wondering how you can stay logged in to a given site. How can the application remember that you’re logged in if HTTP is stateless? The answer is that we fake state.

You’ve no doubt heard of browser cookies. In order to simulate state atop HTTP, Rails uses cookies. When the first request comes in, Rails sets a cookie on the client browser. The browser remembers the cookie locally and sends it along with each subsequent request. The result is that Rails is able to match the cookie that comes along in the request with session data stored on the server.

Rails ships with a few different session storage mechanisms. You can choose to store session data directly on the application server via the file system (the current default), directly in the browser cookies (there is some controversy regarding the security of this approach), or in the database. We like the database approach the best, because it fits well with Rails’ architectural principles.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

blog comments powered by Disqus

- Ruby-on-Rails Faces Second Security Flaw in ...
- Ruby 2.0 Prepped for February 2013 Release
- Why LinkedIn Switched from Ruby on Rails
- Adding Style with Action Pack
- Handling HTML in Templates with Action Pack
- Filters, Controllers and Helpers in Action P...
- Action Pack and Controller Filters
- Action Pack Categories and Events
- Logging Out, Events and Templates with Actio...
- Action Pack Sessions and Architecture
- More on Action Pack Partial Templates
- Action Pack Partial Templates
- Displaying Error Messages with the Action Pa...
- Action Pack Request Parameters
- Creating an Action Pack Registration Form

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 

Developer Shed Affiliates


© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials