In Ruby on Rails Restful Authentication, why does current_user check the HTTP username and password?

This function indicates that there are three ways to authenticate in your system:

1. Using a POST request from /session/new or /login.
2. Using BASIC HTTP authentication (a popup or URL-provided username and password).
3. Using a remember-me cookie so that sessions can persist even when session cookies are destroyed or the browser is restarted.

Even though your basic login happens with a POST request from /session/new or /login, the only thing that POST request actually does is set the session user id (probably session[:user_id]). Once that session[:user_id] has been set, you no longer need to log in to perform a request, because you are authenticated. From this point forward the actual authentication happens by checking the session[:user_id] to see if someone has already logged in.

Here is a more detailed authentication lifecycle (for login):

1. User visits /login.
2. User enters username and password and submits the form.
3. The password is checked; if authenticated, session[:user_id] is set.
4. User visits another page.
5. To check if the user is authenticated, current_user is called.
6. login_from_session is called and the user corresponding to session[:user_id] is returned.
7. The user is considered authenticated.

Here is a more detailed authentication lifecycle (for HTTP BASIC authentication):

1. A user visits http://username:password@<your-host>.
2. To check if the user is authenticated, current_user is called.
3. login_from_session is called, but session[:user_id] is nil, so nil is returned.
4. login_from_basic_auth is called, and username:password is present, so the corresponding user is returned.
5. The user is considered authenticated.

Here is a more detailed authentication lifecycle (remember-me cookie):

1. A user has previously logged in and chosen the 'remember me' option.
2. The user closes their browser, then re-opens it and visits your site.
3. login_from_session is called, but session[:user_id] is nil, so nil is returned.
4. login_from_basic_auth is called, but username and password are missing, so nil is returned.
5. login_from_cookie is called and a cookie is found and used to return a user.
6. The user is considered authenticated.

– 動靜能針 Feb 25 '11 at 0:10

Yes, it probably can. I think it would be safe to do so. – Pan Thomakos Feb 25 '11 at 0:41
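The three lookups the answer walks through, as an added, stand-alone example that is not the restful_authentication plugin's code and not part of the original answer. It assumes a toy in-memory User class (salted SHA-256 digests, a random expiring remember token), a FakeController that exposes only session, cookies and request.authorization, a cookie named auth_token, and hand-rolled parsing of the Basic header instead of Rails' helpers; all of those are assumptions made for the example.

```ruby
require 'digest'
require 'base64'
require 'securerandom'

# Stand-in for the User model (assumption: salted SHA-256, in-memory store).
class User
  attr_reader :id, :login, :remember_token

  USERS = {} # id => User, standing in for the users table

  def self.create(login, password)
    user = new(USERS.size + 1, login, password)
    USERS[user.id] = user
  end

  def self.find_by_id(id)
    USERS[id]
  end

  # Used by login_from_basic_auth: returns the user only if the password checks out.
  def self.authenticate(login, password)
    user = USERS.values.find { |u| u.login == login }
    user if user && user.authenticated?(password)
  end

  # Used by login_from_cookie: token lookup only, the caller still checks expiry.
  def self.find_by_remember_token(token)
    USERS.values.find { |u| u.remember_token && u.remember_token == token }
  end

  def initialize(id, login, password)
    @id = id
    @login = login
    @salt = SecureRandom.hex(8)
    @crypted_password = digest(password, @salt)
    @remember_token = nil
    @remember_token_expires_at = nil
  end

  def authenticated?(password)
    secure_compare(@crypted_password, digest(password, @salt))
  end

  # Issue a random, expiring remember-me token; the cookie carries only this value.
  def remember_me!(ttl = 2 * 7 * 24 * 3600)
    @remember_token = SecureRandom.hex(20)
    @remember_token_expires_at = Time.now + ttl
  end

  def remember_token?
    !@remember_token.nil? && Time.now < @remember_token_expires_at
  end

  private

  def digest(password, salt)
    Digest::SHA256.hexdigest("#{salt}--#{password}")
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The three lookups described in the answer, tried in order; the first hit wins.
module AuthenticatedSystem
  def current_user
    @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie)
  end

  def login_from_session
    User.find_by_id(session[:user_id]) if session[:user_id]
  end

  # HTTP Basic: credentials ride along on every request and are re-verified each time.
  def login_from_basic_auth
    header = request.authorization
    return nil unless header && header.start_with?('Basic ')
    login, password = Base64.decode64(header.sub('Basic ', '')).split(':', 2)
    User.authenticate(login, password) if login && password
  end

  # Remember-me cookie: accept only an unexpired token, then promote it to a session.
  def login_from_cookie
    token = cookies[:auth_token]
    user = token && User.find_by_remember_token(token)
    return nil unless user && user.remember_token?
    session[:user_id] = user.id
    user
  end
end

# Stand-in for a Rails controller: just the three inputs the lookups read.
class FakeController
  include AuthenticatedSystem
  Request = Struct.new(:authorization)
  attr_reader :session, :cookies, :request

  def initialize(session: {}, cookies: {}, authorization: nil)
    @session = session
    @cookies = cookies
    @request = Request.new(authorization)
  end
end
```

Two things worth noticing when running it: a valid session[:user_id] short-circuits the chain, so a bad Basic header on the same request is never even checked, and a remember-me cookie only authenticates while its token is unexpired, after which the request falls through to nil exactly like a request with no credentials at all.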
