  1. PORails -- "remember me" capability
I am having trouble understanding the implementation of "Remember Me" in the Ruby on Rails Tutorial by Michael Hartl. He creates a SessionsHelper module with methods for signing in, containing the following:

```ruby
module SessionsHelper
  def sign_in(user)
    cookies.permanent.signed[:remember_token] = [user.id, user.salt]
    # self. is needed here: a bare `current_user = user` would only
    # create a local variable and never call the setter below
    self.current_user = user
  end

  def current_user=(user)
    @current_user = user
  end

  def current_user
    return @current_user ||= user_from_remember_token
  end

  private

  def user_from_remember_token
    # passes array of length two as a parameter -- first slot contains ID,
    # second contains SALT for encryption
    User.authenticate_with_salt(*remember_token)
  end

  def remember_token
    # ensures return of a double array in the event that
    # cookies.signed[:remember_token] is nil.
    cookies.signed[:remember_token] || [nil, nil]
  end
end
```

NOTE: The `authenticate_with_salt` method in the User model finds the user by the first parameter (the id) and if the user is defined and its salt is equivalent to the second parameter (the salt) then the user is returned, otherwise nil is returned.

I am having trouble understanding why we go to such lengths to test if the user has already been signed in:

In the event that the user is signed in, `@current_user` is already defined by the `sign_in` method and therefore the `||=` in the `current_user` method is meaningless.

In the event that the user is not signed in, the `||=` operator in the `current_user` method returns the value returned by the `user_from_remember_token` method, but since `cookies.signed[:remember_token]` would be nil, `User.authenticate_with_salt` would be passed the `[nil,nil]` argument and would return nil, and therefore, the `current_user` method would return nil.

In short, if the `current_user` method is returning `@current_user` if it is defined and nil otherwise, wouldn't it be much simpler to just use the conventional accessor method:

```ruby
def current_user
  return @current_user
end
```

Michael Hartl's book says that doing this would be useless because the user's sign in status would be forgotten. Why would that be the case??? Can someone please explain why we do not do this and instead use the much more intricate version posted above?
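An added example, not part of the original question or of the tutorial's code: a plain-Ruby simulation of two requests, showing what the book's remark about the sign-in status being forgotten looks like in practice. It assumes one fresh helper object per request (Rails builds a new controller instance for each request); `SignedJar`, `Request`, `SECRET` and the sample user are hypothetical stand-ins for `cookies.signed`, the controller and the User model.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret"                # stand-in for the app's signing secret
User   = Struct.new(:id, :salt)
USERS  = { 1 => User.new(1, "constructed-salt") } # constructed sample user

# Minimal stand-in for cookies.signed: each value is stored with an HMAC tag.
class SignedJar
  attr_reader :raw
  def initialize; @raw = {}; end
  def []=(key, value)
    data = JSON.generate(value)
    @raw[key] = "#{data}--#{mac(data)}"
  end
  def [](key)
    data, _, tag = @raw[key].to_s.rpartition("--")
    JSON.parse(data) if OpenSSL.secure_compare(mac(data), tag) # nil if missing or altered
  end
  def mac(data)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
  end
end

# One object per request, so @current_user starts out nil every time.
class Request
  def initialize(jar); @cookies = jar; end
  def sign_in(user)
    @cookies[:remember_token] = [user.id, user.salt]
    @current_user = user
  end
  def current_user_plain; @current_user; end # the "conventional accessor"
  def current_user                           # the tutorial's version
    @current_user ||= authenticate_with_salt(*(@cookies[:remember_token] || [nil, nil]))
  end
  def authenticate_with_salt(id, salt)
    user = USERS[id]
    user if user && user.salt == salt
  end
end

def demo
  jar = SignedJar.new                        # browser cookies persist across requests
  Request.new(jar).sign_in(USERS[1])         # request 1: sign in
  later = Request.new(jar)                   # request 2: new object, same cookies
  results = [later.current_user_plain, later.current_user]
  jar.raw[:remember_token] = jar.raw[:remember_token].sub("[1,", "[2,") # edited cookie
  results << Request.new(jar).current_user   # signature check fails, nobody signed in
end
```

`demo` returns the plain accessor's result on the second request, the tutorial version's result on the same request, and the result after the cookie payload has been edited without re-signing.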