I'm pretty new at Ruby, Rails, and Authlogic, but I've got Authlogic installed, login in and out is fine, but I went to set up Authlogic's brute force protection feature and it won't work...
Here's my app/models/user_session.rb:
class UserSession < Authlogic::Session::Base
consecutive_failed_logins_limit 3
failed_login_ban_for 2.hours
end
I've tried testing it in Rspec, Cucumber, and Firefox with no success. When I look back at my logs Authlogic updates the failed_login_count until it reaches whatever limit I have set and then resets the count.
Seems good. Except it will then let me login afterwards..... In all my tests .being_brute_force_protected? never returns true and the login is never temporarily banned
I can't find anyone else having this problem online (I may not know the right place to look, like I said I'm new) I've checked the Rdocs and they seem to be telling that it should work... Anyone have any thoughts on what could be causing me this trouble/where I could go to find my answer/what further tests I should run?