What is a very simple authentication scheme for Sinatra/Rack?

User! = nil end end before do @user = User. Get(session:user_id) end get "/" do " anonymous.

" end get "/protected", :auth => :user do " #{@user.Name}. " end post "/login" do session:user_id = User. Authenticate(params).

Id end get "/logout" do session:user_id = nil end end For any route you want to protect, add the :auth => :user condition to it, as in the protected example above. That will call the auth method, which adds a condition to the route via condition The condition calls the is_user? Method, which has been defined as a helper.

The method should return true or false depending on whether the session contains a valid account id. (Calling helpers dynamically like this makes it simple to add other types of users with different privileges. ) Finally, the before handler sets up a user instance variable for every request for things like displaying the user’s name at the top of each page.

You can also use the is_user? Helper in your views to determine if the user is logged in.

Here is a very simple authentication scheme for Sinatra. I’ll explain how it works below. Class App true register do def auth (type) condition do redirect "/login" unless send("is_#{type}?") end end end helpers do def is_user?

@user! = nil end end before do @user = User. Get(session:user_id) end get "/" do " anonymous.

" end get "/protected", :auth => :user do " #{@user. Name}." end post "/login" do session:user_id = User. Authenticate(params).

Id end get "/logout" do session:user_id = nil end end For any route you want to protect, add the :auth => :user condition to it, as in the /protected example above. That will call the auth method, which adds a condition to the route via condition. The condition calls the is_user?

Method, which has been defined as a helper. The method should return true or false depending on whether the session contains a valid account id. (Calling helpers dynamically like this makes it simple to add other types of users with different privileges.

) Finally, the before handler sets up a @user instance variable for every request for things like displaying the user’s name at the top of each page. You can also use the is_user? Helper in your views to determine if the user is logged in.

Firstly, thank you for such a well thought out response! Secondly, I forget to mention but it would be nice if I could have persistent sessions. I'm assuming that if I did something like below, then this would allow the session to be persistent?

Rack::Session::Cookie, :secret => "some really unique value" Are there any security issues with this approach if that is the case? – AndrewVos Aug 25 '10 at 18:50.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.