E. Litwin wrote:
> When are you saving the user_id to the session?
>
> You need to force a redirect to a login page if there is no session
> [:user_id] and you should also handle the fact that session[:user_id]
> may be nil in your is_logged_in? method.
>
Its saved in the login method:
user = User.find_by_user_name(@user.user_name)
if user and user.password_matches?(@user.password)
user.login!(session)
if @user.remember_me == "1"
cookies[:remember_me] = { :value => "1",
:expires => 10.years.from_now }
user.authorization_token = Digest::SHA1.hexdigest(
"#{user.user_name}:#{user.password}")
I have a redirect if someone tries to access the admin privileges if
thats what you mean?
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
