session [：user_id]即使用户登录Rails也返回nil

Question

omniauth_callbacks_controller

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController

def facebook

 @user = User.from_omniauth(request.env["omniauth.auth"])

 if @user.persisted?
  sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
  set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
 else
  session["devise.facebook_data"] = request.env["omniauth.auth"]
  redirect_to new_user_registration_url
  end
 end
end

session_controller

class SessionsController < ApplicationController

 def create
  user = User.from_omniauth(env["omniauth.auth"])
  #sign_in(:user, user)
  session[:user_id] = user.id 
  redirect_to root_url
 end

 def destroy
  session[:user_id] = nil
  redirect_to root_url
 end
end

application_controller

 class ApplicationController < ActionController::Base
    # Prevent CSRF attacks by raising an exception.
    # For APIs, you may want to use :null_session instead.
       protect_from_forgery with: :exception
    private
    helper_method :current_user
    def current_user
         @current_user = User.find(session[:user_id])  
    end

  end

user.rb

   class User < ActiveRecord::Base
      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
     :recoverable, :rememberable, :trackable, :validatable,:omniauthable, :omniauth_providers => [:facebook]
      belongs_to :restaurant, foreign_key: 'restaurant_id'
      has_many :orders
      def self.from_omniauth(auth)
    where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
        user.provider = auth.provider
        user.uid = auth.uid
        user.name = auth.info.name
        user.oauth_token = auth.credentials.token
        user.email = auth.info.email
        user.password = Devise.friendly_token[0,20]
        user.oauth_expires_at = Time.at(auth.credentials.expires_at)

      end
  end
end

visitor_controller

 class VisitorsController < ApplicationController

   def index
     @user = current_user

   end
 end

This is the root page controller of my app. I am creating a restaurant ordering app, but the problem is all orders are being displayed to all user.

So i need to make each order user specific. But I am not being able to access 'user.id' from any of my controller.

Please help. Not being able to find the problem. Thank you.

Answer 1

If you have an application where you intend to use Devise and OmniAuth together you do not need to create a custom SessionsController .

You would simply need customize to the login page with a link:

<%= link_to "/auth/facebook", "Sign in with Facebook" %>

Note that the same callback URL will be used for both new and returning users!

sign_in_and_redirect in your Users::OmniauthCallbacksController in will handle serialing the user in the session with the help of Warden and you can sign out user by the normal Devise controller.

---

Edit

The biggest problem with you seem to have is understanding how OmniAuth and Devise work together.

Devise provides a normal user / password signup and all the functionality needed for sessions.

OmniAuth provides abstraction for dealing with different OAuth providers and dealing with details of OAuth.

All your callbacks controller need to do is call Devises sign_in_and_redirect method and it will take care of serializing the user in the session through Warden.