ADVANCED ACTION PACK in Font

Maker PDF417 in Font ADVANCED ACTION PACK

Secure in the knowledge that Rails will take care of all the low-level details of sessions for you, using the session object couldn t be easier. session is implemented as a hash, just like flash. We should come clean here. flash is a session in disguise (you can think of it as a specialized session due to its autoexpiring properties). Not surprisingly, then, the flash and session interfaces are identical. You store values in the session according to a key: session[:account_id] = @account.id session[:account_id] # => 1 session['message'] = "Hello world!" session['message'] # => "Hello world!"

Now that you understand sessions, youcan go back to your main task: allowing users to log in and log out. You create a session when the user logs in and clear (destroy) it when they re done. Of course, you do that in a RESTfull way, by treating the session as a resource: Start by generating a sessions controller: $ rails generate controller Sessions create invoke create invoke create invoke create invoke create app/controllers/sessions_controller.rb erb app/views/sessions test_unit test/functional/sessions_controller_test.rb helper app/helpers/sessions_helper.rb test_unit test/unit/helpers/sessions_helper_test.rb

Now, define this as a resource in your routes file in config/routes.rb, as shown in Listing 7-16. Listing 7-16. Adding session to routes.rb in config/routes.rb: http://gist.github.com/338904 Blog::Application.routes.draw do root :to => "articles#index"

resources :articles do resources :comments end resources :users resource :session end Notice that you define session as a resource and not resources, because you never deal with a set of sessions at once. You never list sessions in an index or anything like that you just need to create or destroy a single session at a time. Let s step back and try to understand the difference between resource and resources definitions. The main benefit you get from defining resources in your routes file is the named routes that are generated for you. In case of a single resource definition, you get different named routes: none of them are pluralized, all are singular, and there s no index action. Rails maps six actions instead of the seven in a resources definition. Table 7-2 provides a quick comparison between resources named routes and resource named routes. Table 7-2. Named Routes: resources vs. resource

articles_path articles_path article_path article_path article_path edit_article_path new_article_path

Not available session_path session_path session_path session_path edit_session_path new_session_path

NOTE Although a singular name is used for the resource, the controller name is still taken from the plural name, so sessions_controller is the controller for the session resource in this case.

To avoid confusion, let s map this in your mind; to log in, you need to create a session; to log out, you clear that session. You use new_session_path as your login path, and the new template is your login page. POSTing the form in the new session page to session_path creates the session. Finally, submitting a DELETE request to session_path clears that session, performing a logout. Now, let s map it in the routes file; see Listing 7-17.

Listing 7-17. Adding session to routes.rb in config/routes.rb: http://gist.github.com/338912 Blog::Application.routes.draw do root :to => "articles#index" resources :articles do resources :comments end resources :users resource :session match '/login' => "sessions#new", :as => "login" match '/logout' => "sessions#destroy", :as => "logout" end You basically define two named routes, login_path and logout_path, which are more meaningful than new_session_path and session_path when referring to those actions.

As you did for Active Record resources, in the create action, you first check the validity of the resource in this case through authentication and you save the state if all is good. If the validity check fails, you return the user to the login page with an error message. In this controller, you never save a record to the database you save a session object. Listing 7-18 shows the create action. Listing 7-18. create Method in app/controllers/sessions_controller.rb: http://gist.github.com/338919 class SessionsController < ApplicationController def create if user = User.authenticate(params[:email], params[:password]) session[:user_id] = user.id redirect_to root_path, :notice => "Logged in successfully" else flash.now[:alert] = "Invalid login/password combination" render :action => 'new' end end end First, you use the authenticate class method from the User model to attempt a login (see Listing 537 in 5). Remember that authenticate returns a User object if the authentication succeeds; otherwise, it returns nil. Therefore, you can perform your conditional and your assignment in one shot using if user = User.authenticate(params[:email], params[:password]). If the assignment takes place, you want to store a reference to this user so you can keep the user logged in a perfect job for the session: session[:user_id] = user.id Notice that you don t need to store the entire User object in session. You store just a reference to the user s id. Why not store the entire User object Well, think about this for a minute: what if the user is