Hey all,

When someone is on my login page, I have this:

    <% form_for :user, :url => { :action => "login" } do |f| %>
      <%= f.label(:user_email, "User Email") %>
      <%= f.text_field(:email) %><br/>
      <%= f.label(:user_password, "User Password") %>
      <%= f.password_field(:password) %><br/>
      <%= f.submit("Login") %>
      <%= link_to 'Register', :action => 'signup' %> |
      <%= link_to 'Forgot my password', :action => 'forgot_password' %>
    <% end %>
    <%= flash_helper %>

Note that the flash_helper method calls this method in the ApplicationHelper module:

    def flash_helper
      f_names = [:notice, :warning, :message]
      fl = ''
      for name in f_names
        if flash[name]
          fl = fl + "<div class=\"notice\">#{flash[name]}</div>"
        end
        flash[name] = nil;
      end
      return fl
    end

During a POST request to the server, I call the authenticate class method on the User class, passing in two parameters, an email string and password:

    def login
      if request.post?
        if session[:user] = User.authenticate(params[:user][:email], params[:user][:password])
          flash[:message] = "Login successful"
          redirect_to :root
        else
          flash[:warning] = "Login unsuccessful"
        end
      end
    end

authenticate is executed:

    def self.authenticate(email, pass)
      u = find(:first, :conditions => ["email = ?", email])
      return nil if u.nil?
      return u if User.encrypt(pass, u.password_salt) == u.encrypted_password
      nil
    end

It does some SQL, finds the user, and then if it finds a matching email address we call encrypt:

    def self.encrypt(pass, salt)
      Digest::SHA2.hexdigest(pass + salt)
    end

which basically checks if the password and salt for that record match the one for that record in the encrypted_password field of the users table. So everything works and the user is returned to the home page. (Note that I also tested a wrong password and the system correctly gave the flash error.)

But here's the problem. When returned to the home page, the user still does not become the current user!
Because I have this in my home page:

    <% if current_user %>
      <%= link_to "Logout", logout_path %>
    <% else %>
      <%= link_to "Create Account", signup_path %>
      <%= link_to "Login", login_path %>
    <% end %>

And it continues to show me the login link rather than logout, meaning the system has not captured the record that just signed in as the current_user. I am not sure why. I have this in the application controller:

    def current_user
      @current_user ||= session[:user_id] && User.find(session[:user_id])
    end

So I presume that when the login process occurs the user id is stored in the session, and assigned to current_user. But apparently it's not, because when signing in, the if current_user block returns false and it triggers the else statement instead.

Thanks for any response.

--
Posted via http://www.ruby-forum.com/.
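
Added example, not part of the original post: the posted login action writes `session[:user]` (the whole record, salt and password hash included) while `current_user` reads `session[:user_id]`, so the lookup never finds anything. This plain-Ruby sketch uses a Hash as a stand-in for the Rails session, a constructed in-memory user list, and hypothetical helper names (`login_as_posted`, `login_by_id`) to show both variants side by side.

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-in for the post's User model and users table.
User = Struct.new(:id, :email, :password_salt, :encrypted_password)

def encrypt(pass, salt)
  Digest::SHA2.hexdigest(pass + salt) # same scheme as the post
end

def make_user(id, email, pass)
  salt = SecureRandom.hex(8)
  User.new(id, email, salt, encrypt(pass, salt))
end

# Constructed sample account (assumption, not data from the post).
USERS = [make_user(1, 'alice@example.test', 'correct horse')].freeze

def authenticate(email, pass)
  u = USERS.find { |x| x.email == email }
  return nil if u.nil?
  encrypt(pass.to_s, u.password_salt) == u.encrypted_password ? u : nil
end

# Login as posted: the whole record is stored under :user.
def login_as_posted(session, email, pass)
  session[:user] = authenticate(email, pass)
end

# Login using the key current_user reads. Only the id is stored, and the
# pre-login session is discarded first (what reset_session does in Rails).
def login_by_id(session, email, pass)
  user = authenticate(email, pass)
  return false unless user
  session.clear
  session[:user_id] = user.id
  true
end

# Same lookup as current_user in the post's ApplicationController.
def current_user(session)
  session[:user_id] && USERS.find { |x| x.id == session[:user_id] }
end
```

Storing only the id also keeps `password_salt` and `encrypted_password` out of the session data.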