堆栈内存溢出
  简体   繁体   English

如何删除导轨中的 session?

[英]How to delete session in rails?

 原文  2019-11-03 14:49:08       ruby-on-rails/ rubygems/ ruby-on-rails-5/ ruby-on-rails-6

问题描述

I am able to log in into application even after logging out, by clicking the back button on search bar.即使在注销后,我也可以通过单击搜索栏上的后退按钮登录到应用程序。

For some strange reasons, I am not able to delete the session completely.由于一些奇怪的原因,我无法完全删除 session。

I am not using any gem.我没有使用任何宝石。 I want to create rails authentication from scratch.我想从头开始创建 Rails 身份验证。

Sessions Controller:会话 Controller:

 class SessionsController < ApplicationController
  def new
  end

  def create
    user = User.find_by_email(params[:email])
    if user && user.authenticate(params[:password])
      log_in user
      redirect_to user
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  def destroy
    reset_session
    redirect_to root_path
  end

end

Application Helper应用程序助手

  class ApplicationController < ActionController::Base

  protect_from_forgery with: :exception

  helper_method :current_user,:logged_in?, :logged_in_user,:current_user

   def log_in(user)
     session[:user_id] = user.id
   end

   def current_user
      @current_user ||= User.find_by(id: session[:user_id])
   end

   def logged_in?
     !current_user.nil?
   end

   def logged_in_user
     unless logged_in?
       flash[:danger] = "Please log in."
       redirect_to new_session_path
     end
   end


   def current_user?(user)
     user == current_user
    end

end

Allpication.html.erb Allpication.html.erb

  <body>

    <div class="container">

       <% flash.each do |message_type, message| %>
          <div class="alert alert-<%= message_type %>"><%= message %></div>
       <% end %>

       <header>

         <% if logged_in? %>
           <%= link_to "Log out", sessions_path, method: "delete" %>
           <%= link_to "Edit", edit_user_path(current_user) %>
         <% else %>
           <li>
             <%= link_to "Sign Up", new_user_path %>
           </li>
           <li>
             <%= link_to "Log in", new_sessions_path %>
           </li>
         <% end %>



         </header>
         <%= yield %>
       </div>
    </body>

Please help me.请帮我。 I am going nuts.我快疯了。

User Controller用户 Controller

class UsersController < ApplicationController
    before_action :logged_in_user, only: [:new, :show, :edit, :update]
    before_action :correct_user, only: [:new, :show, :edit, :update]

    def index
      @users = User.all
    end

    def new
      @user = User.new
    end

    def create
      @user = User.new(set_params)
      if @user.save
        redirect_to new_session_url
      else
        render 'new'
      end
    end

    def show
      @user = User.find(params[:id])
      @posts = @user.posts
    end

    def edit
      @user = User.find(params[:id])
    end

    def update
       @user = User.find(params[:id])
       if @user.update(update_params)
        redirect_to @user
      else
        render 'edit'
      end
    end



    private

    def set_params
      params.require(:user).permit(:name, :email, :password, :password_confirmation)
    end
    def update_params
      params.require(:user).permit(:name, :email, :password, :password_confirmation)
    end


    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_url)  unless current_user?(@user)
    end


end

User is able to log in only he/she logged in.用户只能登录他/她登录。

I have updated my code as per what i have been suggested or what i have i tried.我已经根据我的建议或我尝试过的内容更新了我的代码。

1 个解决方案

解决方案1
 1 已采纳  2019-11-04 16:51:14

As pointed out in the comments, this is happening because Rails is caching.正如评论中所指出的,这是因为 Rails 正在缓存。

You can do the following to get around this issue.您可以执行以下操作来解决此问题。

In your ApplicationController , put the following code在您的ApplicationController中,输入以下代码

class ApplicationController < ActionController::Base

  before_action :set_cache_buster

  private
    def set_cache_buster
      response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
      response.headers["Pragma"] = "no-cache"
      response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
    end
end

解决方案2
 0  2019-11-04 12:16:09

You can delete the session completely by calling reset_session .您可以通过调用reset_session完全删除 session 。 This invalidates the session identifier.这会使 session 标识符无效。 So that even if the user sent an old session cookie rails will not be able to unencrypt it and it will be rejected.这样即使用户发送了一个旧的 session cookie rails 也无法解密它并且会被拒绝。

And also there is the issue that you are using resources:sessions instead of resource:sessions .还有一个问题是您使用的是resources:sessions而不是resource:sessions

Sessions from the users POV are a singular resource since they only can have one.来自用户 POV 的会话是一种单一资源,因为他们只能拥有一个。 There is no point in placing an ID in the path.在路径中放置 ID 没有意义。 And in fact by doing session_path(current_user) you're kind of breaking REST since that is the ID of a user and not a session.实际上,通过执行session_path(current_user) ,您有点破坏了 REST,因为这是用户的 ID,而不是 session。

See:看:

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Rails + Cucumber:如何删除会话但保留cookie? - Rails + Cucumber: How do I delete the session but keep the cookies? Rails删除用户会话路径 - rails delete user session path 在Rails 3中跨多个子域删除会话Cookie - Delete Session Cookies Across Multiple Subdomains in Rails 3 Rails 4:从API调用中删除会话值 - Rails 4: Delete session value from API call 在一行中删除多个rails会话变量 - delete multiple rails session variables in a single line Rails - 删除会话而不初始化新会话 - Rails - Delete a session without initialising a new one 无法在Rails中正确删除会话 - Can't delete session properly in rails 会话如何在Rails中工作 - How session works in Rails 如何在Rails 2上的级联上删除 - How to delete on cascade on Rails 2 在Rails中,如何根据给定的会话ID终止会话? - In rails, how to expire a session given the session id?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM