Ruby On Rails Tutorial Chapter 8 Confusion
Question
everybody! Recently, I am working on Michael Hartle's RoR tutorial. In chapter 8, I encounter one problem which has confused me for two days. Here is the problem. In section 8.2.3.
module SessionsHelper
def sign_in(user)
.
.
.
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user # Useless! Don't use this line.
end
end
And Michael writes:
If we did this, we would effectively replicate the functionality of attr_accessor, which we saw in Section 4.4.5.5 The problem is that it utterly fails to solve our problem: with the code in Listing 8.21, the user's signin status would be forgotten: as soon as the user went to another page—poof!—the session would end and the user would be automatically signed out. To avoid this problem, we can find the user corresponding to the remember token created by the code in Listing 8.19, as shown in Listing 8.22.
The Listing 8.22.
module SessionsHelper
.
.
.
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end
end
My questions are: Why the previous code would make the session log out automatically when user go to a new page? Why the second piece of code wouldn't? I think, as long as a user log in, the @current_user's value will always be "user" until he log out explicitly, right?
2 answers
solution1
2 2012-08-22 02:34:33
The previous code doesn't so much log the user out, as doesn't re-create the user on subsequent requests.
State is not shared across requests, and has to be re-created with every request. @current_user is an instance variable, and keeps it's value for the duration of a single request.
To get around the fact that state is not shared, with each request we need to reload necessary variables such as @current_user from something that is common across the session, in this case they're using the remember_token cookie.
The first snippet of code does not reload @current_user on each request, so will forget what value it held as soon as the user browses to another page after logging in, the second snippet attempts to load the current user via the remember_token cookie, so after this has been set when someone logs in, should remember the user until that cookie expires.
solution2
1 2012-08-22 02:35:15
What he is saying here is that when we use @current_user in the first example when not on a sign in page, we have not called @current_user = User.find(1). We are relying on it already having been set. Since we are not explicitly setting @current_user the following:
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
Says if the @current_user is not set, then set it by finding the user using the id stored in the cookie. That way when we navigate to a page where we do not explicitly set the @current_user it will have been populated.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.