So for a certain project I'm thinking it may possibly be useful for me to be able to take an authentication token and figure out which user it is for. I'm not sure if it's even possible or not. Anyone happen to know?

A: 

Authlogic (example app linked) uses 'persistence tokens'.

    t.string    :login,               :null => false                # optional, you can use email instead, or both
    t.string    :email,               :null => false                # optional, you can use login instead, or both
    t.string    :crypted_password,    :null => false                # optional, see below
    t.string    :password_salt,       :null => false                # optional, but highly recommended
    t.string    :persistence_token,   :null => false                # required
    t.string    :single_access_token, :null => false                # optional, see Authlogic::Session::Params
    t.string    :perishable_token,    :null => false                # optional, see Authlogic::Session::Perishability

    # Magic columns, just like ActiveRecord's created_at and updated_at. These are automatically maintained by Authlogic if they are present.
    t.integer   :login_count,         :null => false, :default => 0 # optional, see Authlogic::Session::MagicColumns
    t.integer   :failed_login_count,  :null => false, :default => 0 # optional, see Authlogic::Session::MagicColumns
    t.datetime  :last_request_at                                    # optional, see Authlogic::Session::MagicColumns
    t.datetime  :current_login_at                                   # optional, see Authlogic::Session::MagicColumns
    t.datetime  :last_login_at                                      # optional, see Authlogic::Session::MagicColumns
    t.string    :current_login_ip                                   # optional, see Authlogic::Session::MagicColumns
    t.string    :last_login_ip                                      # optional, see Authlogic::Session::MagicColumns

It may not be exactly what you want, but I think you can make it work. The real question is, why do you want to do this?

Trevoke
Well, I'm uploading big files to a different server than the webpage is coming from, which in turn sends the uploaded file's URL back to my web server. The easiest way for me to associate the user to the file is to send the user id with the file... I was thinking it may be safer to send his auth token... I may also be a complete idiot
tybro0103
I don't know much about the subtleties of Rails yet, but why do you need to send it at all?
Trevoke
I need to know what user uploaded the video... the video is uploaded to a different server than the web server
tybro0103
Is there any way to make that part of the user's session, instead of doing what sounds like closing a session and reopening a new one? Or is it not desirable to keep the session open?
Trevoke
Um... not sure I follow you. The auth token is in the user session... but the video is sent to a different server than the server the user has his session on
tybro0103
Can you make "send video and get URL back" part of the same session, or is "retrieving the URL" a separate process altogether? Mind you, if you don't understand what I mean, don't worry too much about it. :)
Trevoke
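
An added example, not part of the original answer or comments and not Authlogic's API: rather than handing the session's persistence token (or a bare user id) to the upload server, the web server can issue a short-lived HMAC-signed ticket and resolve it back to a user when the file URL is posted back. The function names, the key constant and the 15-minute lifetime are assumptions made for this sketch.

```ruby
require "openssl"

# Constructed demo key; a real deployment loads this from server-side secret
# storage and never shares it with the browser or the upload server.
UPLOAD_TICKET_KEY = "constructed-demo-key-not-for-production"
TICKET_TTL = 15 * 60 # seconds a ticket stays valid (assumed value)

# HMAC-SHA256 over "user_id.expires_at", hex encoded.
def ticket_mac(payload)
  OpenSSL::HMAC.hexdigest("SHA256", UPLOAD_TICKET_KEY, payload)
end

# Issued by the web server when it renders the upload form for a logged-in user.
def issue_upload_ticket(user_id, now = Time.now.to_i)
  payload = "#{Integer(user_id)}.#{now + TICKET_TTL}"
  "#{payload}.#{ticket_mac(payload)}"
end

# Comparison that does not stop at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Called when the upload server posts the file URL back together with the ticket.
# Returns the user id, or nil if the ticket is malformed, forged or expired.
def user_id_from_ticket(ticket, now = Time.now.to_i)
  user_id, expires_at, mac = ticket.to_s.split(".", 3)
  return nil unless /\A\d+\z/.match?(user_id.to_s)
  return nil unless /\A\d+\z/.match?(expires_at.to_s)
  return nil unless secure_compare(ticket_mac("#{user_id}.#{expires_at}"), mac.to_s)
  return nil if now > expires_at.to_i
  user_id.to_i
end
```

A leaked ticket only lets someone attach an upload to that user until it expires; unlike the persistence token, it cannot be used to resume the user's session.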