与authenticate_or_request_with_http_basic结合使用时,authlogic会话创建失败
我最近想在 Heroku 上部署我的 Rails 应用程序,但希望将其与外界隔离,直到我在 Heroku 本身上对其进行了测试。为了屏蔽它,我使用了authenticate_or_request_with_http_basic。然而,在通过基本身份验证并想要登录(使用 authlogic 登录系统)后,我发现 authlogic 不记得会话(例如 current_user == nil)。
如果没有authenticate_or_request_with_http_basic before_filter,authlogic 会话可以正常工作。
有谁知道这是为什么以及如何使两者一起工作?
提前致谢。
PS:需要明确的是,我的目标是不能够将authlogic用户与authenticate_or_request_with_http_basic一起使用。
PPS:我使用 Rails 3 和 git://github.com/odorcicd/authlogic.git
I recently wanted to deploy my Rails app on heroku but wanted to shield it from the outside world until I had tested it on the heroku itself. In order to shield it I have used authenticate_or_request_with_http_basic. However after having passed through the basic authentication and wanting to login (login system using authlogic) I find that authlogic doesn't remember a session (e.g. current_user == nil).
Without the authenticate_or_request_with_http_basic before_filter the authlogic sessions work fine.
Does anybody know why this is and how to make the two work together?
Thanks in advance.
PS: Just to be clear, my goal is not to be able to use authlogic users with authenticate_or_request_with_http_basic.
PPS: I use Rails 3 and git://github.com/odorcicd/authlogic.git
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我也遇到这个问题了!我将尝试研究它,看看我是否能想出任何办法...
编辑:修复方法是在您的 Authlogic 会话上禁止 HTTP 基本身份验证...
我很确定这是一个错误真实逻辑。问题在于这个方法:
当使用 HTTP Basic 时,即使在应用程序的其他地方,它也会返回 true。
I'm having this issue also! I'm going to try and look into it to see if I can come up with anything...
EDIT: The fix is to disallow HTTP basic auth on your Authlogic session...
I'm pretty sure that this is a bug in Authlogic. The problem is this method:
which returns true when HTTP Basic is being used, even elsewhere in your application.