DISQUS

Neil · 1 year ago

Dave, have you worked on any apps with a 'ban user' feature which immediately ends any session associated with the respective user? Apparently it's lot easier with AR session store; I tried to find out how to do this using restful_authentication and cookie sessions (and I think I managed to hack something together) but there didn't seem to be much discussion on the topic.

Dave Rice · 1 year ago

Neil, actually I haven't had to implement something like that. You're right, that is probably another pro for ActiveRecord session storage. To implement it with the cookie store you'd probably have to store session id's when creating/updating a record, then when an admin determines the data to be bogus... you could delete all records tagged with that session id (or user id if you've got autentication) and add the session id to some ignore list? Yeah, probably easier with ActiveRecord :)

Neil · 1 year ago

Yes it's a 1up for AR session storage. I opted for what is probably a hugely inefficient approach (based on cookie sessions); authentication_system.rb has been hacked to include a check for current_user.enabled? at the same point at which it checks that the user is logged_in? (it all fits within the authorized? method which already existed in RA). It's an extra, frequent boolean check against current_user, but in a private beta app with only a few users and no benchmarking done yet, I'm not going to worry until things start to break down...

I'm glad I don't have to worry about sessions in the DB though.

webmirror · 3 months ago

Hi David,

you are my homonymous...
Nice to hear than a lot of Davids
are taking the "Rails Way" :@)
The only pretty annoyance is to
keep in touch with rail's Versions...
I was just looking about the new mode
to store sessions on a table 4 ror 2.3.x.
Keep free smiling, free looking and
Surf the waves ;@)

P.S. Not so easy to post as guest...