Rails 3 - 身份验证和 :before_filter
我是 Rails 的新手。我尝试构建一个简单的身份验证系统,在 application_controller 中,我添加了以下几行:
def check_session
if session[:user]
if session[:expiry_time] < 10.minutes.ago
reset_session
flash[:warning] = 'You was logout.'
redirect_to root_url
else
session[:expiry_time] = Time.now
end
else
#... authenticate
session[:expiry_time] = Time.now
flash[:warning] = 'You was logout.'
redirect_to root_url
end
end
我的问题出在一个操作中 - 在此操作中,我检查用户是否登录。如果用户已登录,那么我将渲染一个模板,如果用户没有登录,那么我将渲染第二个模板。看起来像:
<% unless session[:user].nil? %>
<%= render :template => 'template_for_login_user' %>
<% else %>
<%= render :template => 'template_for_not_login_user' %>
<% end %>
问题是这样的——这对我不起作用。至少...好吧 - 如果我没有登录,那么将渲染模板template_for_not_login_user,如果我登录,那么template_for_login_user。这是对的。
但是,如果我登录并且在 template_for_login_user 上,但我有 15 分钟空闲 =>会话将过期 =>我应该重定向到登录表单。但这是问题 - 我空闲了 15 分钟,刷新了此页面,所以我仍在执行 template_for_login_user 操作 - 这就是问题......
我想问你 - 你可以吗请帮帮我,哪里可能有问题?我做错了什么?
I am a newbie in Rails. I try to build a simple authenticate system, to application_controller I put following lines:
def check_session
if session[:user]
if session[:expiry_time] < 10.minutes.ago
reset_session
flash[:warning] = 'You was logout.'
redirect_to root_url
else
session[:expiry_time] = Time.now
end
else
#... authenticate
session[:expiry_time] = Time.now
flash[:warning] = 'You was logout.'
redirect_to root_url
end
end
My problem is in one action - in this action I check, if the user is log in or not. And if the user is log in, so I will render one template, and if not, so I will render the second one. It looks like:
<% unless session[:user].nil? %>
<%= render :template => 'template_for_login_user' %>
<% else %>
<%= render :template => 'template_for_not_login_user' %>
<% end %>
And here is the problem - this doesn't works me. At least... well - if I am not log in, so will be render the template template_for_not_login_user and if I am, so template_for_login_user. This is right.
But if I am log in and I am on the template_for_login_user, but I am 15min idle => the session will be expired => I should be redirect to login form. But here is the problem - I am 15 minutes idle and I refresh this page, so I am still on the action template_for_login_user - and this is the problem...
I would like to ask you - can you help me please, where could be a problem? What I'm doing wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在您的 ApplicationController 中,您是否添加了这样的行:
如果某些控制器操作不需要对用户进行身份验证,您可以添加以下内容:
在此示例中,这将跳过操作上的 before_filter :check_session :索引和搜索。这样,您就可以实现始终检查登录用户的会话的全局行为。但是您可以在特定控制器中跳过此操作,其中某些操作不需要用户进行身份验证
In your ApplicationController, did you add a line like this :
if some controller action don't need the user to be authenticated, you can add this:
in this example, this would skip your before_filter :check_session on action : index and search. This way you have a global behavior that always check the session for a user logged on. But you can skip this in particular controller where some actions don't need the user to be authenticated