[英]How to delete session in rails?
I am able to log in into application even after logging out, by clicking the back button on search bar.即使在注销后,我也可以通过单击搜索栏上的后退按钮登录到应用程序。
For some strange reasons, I am not able to delete the session completely.由于一些奇怪的原因,我无法完全删除 session。
I am not using any gem.我没有使用任何宝石。 I want to create rails authentication from scratch.
我想从头开始创建 Rails 身份验证。
Sessions Controller:会话 Controller:
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
log_in user
redirect_to user
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
reset_session
redirect_to root_path
end
end
Application Helper应用程序助手
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
helper_method :current_user,:logged_in?, :logged_in_user,:current_user
def log_in(user)
session[:user_id] = user.id
end
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def logged_in?
!current_user.nil?
end
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to new_session_path
end
end
def current_user?(user)
user == current_user
end
end
Allpication.html.erb Allpication.html.erb
<body>
<div class="container">
<% flash.each do |message_type, message| %>
<div class="alert alert-<%= message_type %>"><%= message %></div>
<% end %>
<header>
<% if logged_in? %>
<%= link_to "Log out", sessions_path, method: "delete" %>
<%= link_to "Edit", edit_user_path(current_user) %>
<% else %>
<li>
<%= link_to "Sign Up", new_user_path %>
</li>
<li>
<%= link_to "Log in", new_sessions_path %>
</li>
<% end %>
</header>
<%= yield %>
</div>
</body>
Please help me.请帮我。 I am going nuts.
我快疯了。
User Controller用户 Controller
class UsersController < ApplicationController
before_action :logged_in_user, only: [:new, :show, :edit, :update]
before_action :correct_user, only: [:new, :show, :edit, :update]
def index
@users = User.all
end
def new
@user = User.new
end
def create
@user = User.new(set_params)
if @user.save
redirect_to new_session_url
else
render 'new'
end
end
def show
@user = User.find(params[:id])
@posts = @user.posts
end
def edit
@user = User.find(params[:id])
end
def update
@user = User.find(params[:id])
if @user.update(update_params)
redirect_to @user
else
render 'edit'
end
end
private
def set_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def update_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def correct_user
@user = User.find(params[:id])
redirect_to(root_url) unless current_user?(@user)
end
end
User is able to log in only he/she logged in.用户只能登录他/她登录。
I have updated my code as per what i have been suggested or what i have i tried.我已经根据我的建议或我尝试过的内容更新了我的代码。
As pointed out in the comments, this is happening because Rails is caching.正如评论中所指出的,这是因为 Rails 正在缓存。
You can do the following to get around this issue.您可以执行以下操作来解决此问题。
In your ApplicationController
, put the following code在您的
ApplicationController
中,输入以下代码
class ApplicationController < ActionController::Base
before_action :set_cache_buster
private
def set_cache_buster
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
response.headers["Pragma"] = "no-cache"
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
end
You can delete the session completely by calling reset_session
.您可以通过调用
reset_session
完全删除 session 。 This invalidates the session identifier.这会使 session 标识符无效。 So that even if the user sent an old session cookie rails will not be able to unencrypt it and it will be rejected.
这样即使用户发送了一个旧的 session cookie rails 也无法解密它并且会被拒绝。
And also there is the issue that you are using resources:sessions
instead of resource:sessions
.还有一个问题是您使用的是
resources:sessions
而不是resource:sessions
。
Sessions from the users POV are a singular resource since they only can have one.来自用户 POV 的会话是一种单一资源,因为他们只能拥有一个。 There is no point in placing an ID in the path.
在路径中放置 ID 没有意义。 And in fact by doing
session_path(current_user)
you're kind of breaking REST since that is the ID of a user and not a session.实际上,通过执行
session_path(current_user)
,您有点破坏了 REST,因为这是用户的 ID,而不是 session。
See:看:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.