我在sign_in页面上使用“记住我”复选框。 记住我 - 显然要永远记住会话(有20年到期),除非你点击注销按钮。
问题是,如果我没有检查记住我,我就无法登录。
SessionController:
def create
user = User.find_by(email: params[:email].downcase)
if user && user.authenticate(params[:password])
if params[:remember_me]
sign_in user
redirect_to root_url
else
User.find_by_id(session[:remember_token])
session[:remember_token] = user.id
redirect_to root_url
end
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
SessionHelper
def sign_in(user)
remember_token = User.new_remember_token
cookies.permanent[:remember_token] = remember_token
user.update_attribute(:remember_token, User.encrypt(remember_token))
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
@current_user = user
end
def current_user
remember_token = User.encrypt(cookies[:remember_token])
@current_user ||= User.find_by(remember_token: remember_token)
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
答案 0 :(得分:2)
在您的create方法中,当用户未选中“记住我”框时,您实际上并未将用户标记为已登录。它仅在user.id中存储session[:remember_token]。
if user && user.authenticate(params[:password]) # valid email & password
if params[:remember_me] # remember me
sign_in user
redirect_to root_url
else # do not remember me
#User.find_by_id(session[:remember_token]) # this line did nothing
session[:remember_token] = user.id # store user.id in session
redirect_to root_url
end
else
...
end
您的current_user未在会话中检查user.id,但仅检查Cookie或手动分配current_user。
我会像这样重写当前用户:
def current_user
if @current_user
@current_user
elsif session[:remember_token]
@current_user ||= User.find_by_id(session[:remember_token])
elsif cookies[:remember_token]
remember_token = User.encrypt(cookies[:remember_token])
@current_user ||= User.find_by(remember_token: remember_token)
else
nil
end
end
顺便说一句。标题与正文中定义的问题无关。