Topic: acts_as_authenticated keeps losing session


I initially set up acts_as_authenticated to require a user login before accessing and updating pages on my recipe site. This worked fine with no problems with the user session.

Now, I have changed the setup so that a few pages are available to the public, while others that involve create/update/delete actions require a user that is logged in. So I created a login form as a partial to include on every single page. The sign in form displays if not logged in; if the user is logged in it will display a welcome message to the user.

Right now, when listing entries that have already been created, I can see myself logged in (the session is present on this page). When I go to create a new recipe I am still logged in; however, once I submit the form, my session is lost and my user ID is not recorded into the database. Even more confusing is right when I try to view a recipe for editing - I completely lose the session on the edit page (sign in form redisplays, and debugging my session variables shows that I have no user session and @current_user is nil). I'm wondering whether it's the new structure of the login partial on each page that's affecting this weird behaviour... my create/edit pages were built up the same way and were working perfectly before implementing the login partial.


<% if flash[:notice] %>
    <%= flash[:notice] %>
<% end %>

<% if logged_in? %>
    <%= 'Welcome, ' + current_user.first_name + "! &raquo; " %>
    <%= link_to 'Logout', :controller => 'account', :action => 'logout' %>
<% else %>
    <% form_for :login, login do %>
    <p><label for="login">Login</label><br/>
    <%= text_field_tag 'login', login %></p>
    <p><label for="password">Password</label><br/>
    <%= password_field_tag 'password' %></p>
    <p><label for="remember_me">Remember me:</label>
    <%= check_box_tag 'remember_me' %></p>
    <p><%= submit_tag 'Log in' %></p>
    <% end %>
<% end %>

And this is how I render it:
<%= render :partial => 'account/login', :locals => { :current_user => @current_user, :login => @login }  %>

class ApplicationController < ActionController::Base
  # Pick a unique cookie name to distinguish our session data from others'
  session :session_key => '_recipesite_session_id'
  # Make all the authentication methods available to all controllers
  include AuthenticatedSystem
  # "remember me" functionality
  before_filter :login_from_cookie

  # Make session information and login action accessible to all controllers
  before_filter :current_user
  before_filter :login
  def login
    return unless
    self.current_user = User.authenticate(params[:login], params[:password])
    if logged_in?
      if params[:remember_me] == "1"
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
        session[:user] = User.find_by_id(self.current_user)
      redirect_back_or_default(:controller => '/recipe', :action => 'index')

Any advice would be greatly appreciated!


Last edited by miss_michelle (2007-10-09 13:28:23)