E. Litwin wrote: > When are you saving the user_id to the session? > > You need to force a redirect to a login page if there is no session > [:user_id] and you should also handle the fact that session[:user_id] > may be nil in your is_logged_in? method. >
Its saved in the login method: user = User.find_by_user_name(@user.user_name) if user and user.password_matches?(@user.password) user.login!(session) if @user.remember_me == "1" cookies[:remember_me] = { :value => "1", :expires => 10.years.from_now } user.authorization_token = Digest::SHA1.hexdigest( "#{user.user_name}:#{user.password}") I have a redirect if someone tries to access the admin privileges if thats what you mean? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---