我记得的功能,如果只是登录仍然会创建一个永久cookie。我按照以下教程:http://railscasts.com/episodes/274-remember-me-reset-password
这里有我的
会话控制器
class SessionsController < ApplicationController
def new
if current_customer
redirect_to current_customer
end
end
def create
customer = Customer.find_by_email(params[:email])
if customer && customer.authenticate(params[:password])
if params[:remember_me]
cookies.permanent[:auth_token] = customer.auth_token
else
cookies[:auth_token] = customer.auth_token
end
redirect_to customer, :notice => "Logged in!"
else
flash.now.alert = "Invalid email or password"
render "new"
end
end
def destroy
cookies.delete(:auth_token)
redirect_to root_url, :notice => "Logged out!"
end
end
应用程序控制器
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
private
def authorize
redirect_to login_url, alert: "Not authorized" if current_customer.nil?
end
def current_customer
@current_customer ||= Customer.find_by_auth_token(cookies[:auth_token]) if cookies[:auth_token]
end
helper_method :current_customer
end
如果没有检查params以确保自己没有其他cookie存在,我正考虑添加删除。但这似乎不起作用
答案 0 :(得分:0)
也许你应该在课堂顶部调用helper_method调用。
答案 1 :(得分:0)
尝试添加
reset_session
你的毁灭行动。