I store all session information in database. The user can login the system for do something. There are some restricted area required user login. If the user try to reach those area before login, the system will redirect them to login page.
Sometimes user may close the browser without logout. If this happen, next time when he try to login, the system cannot recognized the newly generate session, even the user typed in the correct username and password. The system will then force the user login again.
Would anyone know how to fix this? I tried to reset the session using reset_session before loading the login page. The problem cannot be fixed.
Session Controller
def new
end
def create
session[:current_account] = Account.authenticate(params[:email], params[:password])
if session[:current_account]
redirect_to :controller => "xxxxx", :action => "index"
else
flash[:notice] = "Please try again."
render :action => 'new'
end
end
Account Model
def self.authenticate(email, pass)
account = find_by_email(email)
account && account.authenticated?(pass) ? account : nil
end
def authenticated?(pass)
encrypted_password == Account.encrypt(pass,salt)
end
Xxxxx Controller
before_filter :permission_handling
def index
end
Application Controller
def permission_handling
unless logged_in?
forced_login
end
end
def logged_in?
session[:current_account].is_a?(Account)
end
def forced_login
flash[:notice] = "You haven't login yet!"
redirect_to ( :controller => "sessions", :action => "new" )
end
Thanks all. :)