In my Rails app, I have a login page. After a person logs in, what is the best way for my app to continue tracking the person who has logged in? For example, if the user moves to different pages, my controllers/actions will lose track of that user unless I keep passing a variable between each page the user subsequently visits. Is there a better way of doing this? Should I be using the sessions variable?
views: 366
answers: 2
+3
A:
Yes, sessions are exactly what you are looking for.
session["user_id"] = user_id
And to fetch the current user on another page (if your model is called User):
@current_user = User.find(session["user_id"])
Palm
2009-03-08 11:54:53
Keep in mind that if you are using cookie-based sessions, which is the default, I think, in Rails 2.1+, this data could be changed to switch who is logged in.
Tilendor
2009-03-10 22:54:06
Actually, the cookie has a SHA512 fingerprint based on your application's secret key, ensuring no tampering with the data. This means, however, that the cookie content is available on the client side, so you should avoid storing sensitive data (passwords etc.) unless you change to a server-side store.
Palm
2009-03-11 08:05:33
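The two properties discussed in the comments above (a keyed fingerprint rejects edited session data, yet the data itself stays readable by the client), as an added example that is not part of the original posts and is not Rails' own session code. It assumes a JSON payload and a "data--fingerprint" layout; SECRET and all helper names are hypothetical.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed secret for this example; a real app loads its own from configuration.
SECRET = "constructed-example-secret-not-for-production"

def sign(payload, secret = SECRET)
  OpenSSL::HMAC.hexdigest("SHA512", secret, payload)
end

# Serialize the session hash and append the fingerprint: "<base64 data>--<hmac>".
def encode_session(session, secret = SECRET)
  payload = Base64.strict_encode64(JSON.generate(session))
  "#{payload}--#{sign(payload, secret)}"
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash only if the fingerprint matches; otherwise nil.
def decode_session(cookie, secret = SECRET)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  return nil unless secure_compare(digest, sign(payload, secret))
  JSON.parse(Base64.strict_decode64(payload))
rescue ArgumentError, JSON::ParserError
  nil
end

# What anyone holding the cookie can read without knowing the secret.
def peek(cookie)
  JSON.parse(Base64.strict_decode64(cookie.split("--", 2).first))
end

# Rewrite the data but keep the old fingerprint, as a client without the secret would.
def swap_user(cookie, new_id)
  _, digest = cookie.split("--", 2)
  forged = Base64.strict_encode64(JSON.generate(peek(cookie).merge("user_id" => new_id)))
  "#{forged}--#{digest}"
end

cookie = encode_session({ "user_id" => 42 })
p [decode_session(cookie), peek(cookie), decode_session(swap_user(cookie, 1))]
```

The server should treat a nil result as "no session" and send the user back to the login page.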
+2
A:
Strongly consider a plugin to manage this.
There are several, such as restful authentication.
This gives current_user and logged_in? functionality.
wombleton
2009-03-08 22:25:41