Rails：输入正确的用户名/密码后，用户身份验证未重定向

Question

I have a rails app, for some reason my login action does not work. I put in a correct username/password in, however it does not redirect to the desired 'menu' action. It just redirects me to the login action everytime (I have set that to happen when the login is unsucessful). I state unless session[:user_id] . When I input the wrong password on purpose, the flash message is correct, it says "Invalid Username/Password", when the correct one is input, it doesn't which means it recognises it, somehow the session is not being created. Below is my code

Application Controller

protected
def confirm_logged_in
    unless session[:user_id]
        flash[:notice] = "Please Log In"
        redirect_to(:controller => 'access', :action => 'login')
        return false
    else
        return true
    end
end

Access Controller (Where the magic should be happening)

Class AccessController < ApplicationController

layout 'admin'

before_filter :confirm_logged_in, :except => [:login, :attempt_login, :logout]

def index
    menu
    render('menu')
end

def menu
    #display text & links
end

def login
    #login form
end

def attempt_login
    authorised_user = AdminUser.authenticate(params[:username], params[:password])
    if authorised_user
        flash[:notice] = "You are now logged in"
        redirect_to(:action => 'menu')
    else
        flash[:notice] = "Invalid username/password"
        redirect_to(:action => 'login')
    end
end

def logout
    session[:user_id] = nil
    session[:username] = nil
    flash[:notice] = "You have been logged out"
    redirect_to(:action => 'login')
end

end

AdminUser Model

require 'digest/sha1'

class AdminUser < ActiveRecord::Base

# because we created a migration to change the name of the users tabe to admin_users we have   to specify
# set_table_name("admin_users")
# or we can change the class name and file name like we did
attr_accessible :first_name, :last_name, :username, :email 
attr_accessor :password
attr_protected :hashed_password, :salt

scope :named, lambda {|first,last| where(:first_name => first, :last_name => last)}

has_and_belongs_to_many :pages
has_many :section_edits
has_many :sections, :through => :section_edits

EMAIL_REGEX = /^[A-Z0-9._%+-]+@[A-Z)0-9.-]+\.[A-Z]{2,4}$/i

validates_presence_of :first_name
validates_presence_of :last_name
validates_presence_of :username

validates_length_of :first_name, :maximum => 25
validates_length_of :last_name, :maximum => 50
validates_length_of :username, :within => 3..25

validates_length_of :password, :within => 8..25, :on => :create

validates_uniqueness_of :username

validates :email, :presence => true, :length => {:maximum => 100}, :format => EMAIL_REGEX, :confirmation => true

before_save :create_hashed_password
after_save :clear_password

def self.authenticate(username="", password="")
user = AdminUser.find_by_username(username)
if user && user.password_match?(password)
  return user
else
  return false
end
end

def password_match?(password="")
hashed_password == AdminUser.hash_with_salt(password,salt) 
end

def self.make_salt(username="")
Digest::SHA1.hexdigest("User #{username} with #{Time.now} to make salt")
end

def self.hash_with_salt(password="", salt="")
Digest::SHA1.hexdigest("Put #{salt} on the #{password}")
end

private

def create_hashed_password
unless password.blank?
  self.salt = AdminUser.make_salt(username) if salt.blank?
  self.hashed_password = AdminUser.hash_with_salt(password,salt)
end
end

def clear_password
self.password = nil
end

end

Answer 1

I found the solution. It was pretty simple. The problem was that I did not create the sessions when the login was made, this is why the login did not recognise the sessions because they were not initialised. In the Access Controller I simply changed it to this :

def attempt_login
    authorised_user = AdminUser.authenticate(params[:username], params[:password])
    if authorised_user
        session[:user_id] = authorised_user.id
        session[:username] = authorised_user.username
        flash[:notice] = "You are now logged in"
        redirect_to(:action => 'menu')
    else
        flash[:notice] = "Invalid username/password"
        redirect_to(:action => 'login')
    end
end

The amendments are the two session lines added to the code