已解决:抱歉,大家,我通过执行 db:reset 并修复了导致一些问题的之前过滤方法之一自行解决了该问题。
每当我在本地主机上运行我的应用程序时,我都会立即登录。我在多个浏览器上尝试了这一点,每次都会发生同样的事情。注销功能也不起作用。我不知道该怎么办。我在这里有该应用程序的存储库... https://github.com/thejourneydude/template
我的问题是,为什么我的注销功能不起作用,为什么每当我访问本地主机时都会自动登录?我正在遵循 Hartl 的教程,但有一些偏差,所以如果您已经完成了教程,这应该看起来很熟悉。
这是 session Controller 页面...
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
#sign user in
sign_in user
redirect_back_or user
else
#create an error
render 'new'
flash.now[:error] = "Invalid email/password combination"
end
end
def destroy
sign_out
redirect_to root_url
end
end
这是 session 帮助页面...
module SessionsHelper
def sign_in(user)
session[:remember_token] = user.remember_token
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find_by_remember_token(session[:remember_token])
end
def current_user?(user)
user == current_user
end
def sign_out
self.current_user = nil
session.delete(:remember_token)
end
def redirect_back_or(default)
redirect_to(session[:return_to] || default)
session.delete(:return_to)
end
def store_location
session[:return_to] = request.url
end
end
这是我的用户模型页面
class User < ActiveRecord::Base
attr_accessible :name, :email, :password, :password_confirmation
has_secure_password
before_save { |user| user.email = email.downcase }
before_save :create_remember_token
validates :name, presence: true, length: { maximum: 50 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: {
case_sensitive: false }
validates :password, length: {minimum: 6}
validates :password_confirmation, presence: true
private
def create_remember_token
self.remember_token = SecureRandom.urlsafe_base64
end
end
为了好玩,这是我每次点击退出按钮时的开发日志。
Started DELETE "/signout" for 127.0.0.1 at 2012-11-09 20:38:32 -0500
Processing by SessionsController#destroy as HTML
Parameters: {"authenticity_token"=>"i9mqiuYTW3YWxNU5h1RdtgTeb/2oOWPJU2yjjZQWMfw="}
Redirected to http://localhost:3000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/" for 127.0.0.1 at 2012-11-09 20:38:32 -0500
Processing by StaticPagesController#home as HTML
Rendered static_pages/home.html.erb within layouts/application (1.2ms)
Rendered layouts/_shim.html.erb (0.1ms)
[1m[36mUser Load (1.1ms)[0m [1mSELECT "users".* FROM "users" WHERE
"users"."remember_token" IS NULL LIMIT 1[0m
Rendered layouts/_header.html.erb (6.9ms)
Rendered layouts/_footer.html.erb (1.4ms)
Completed 200 OK in 83ms (Views: 81.1ms | ActiveRecord: 1.1ms)
最佳答案
我在您发布的代码中看到的唯一问题是当前用户方法当前不检查 session 中是否存在 Remember_token。
def current_user
@current_user ||= User.find_by_remember_token(session[:remember_token])
end
如果未设置remember_token,上述代码将导致一个查询尝试查找没有remember_token的用户。如果它找到这样的用户,它将登录该用户。
虽然我看到您有一个 after_create 回调用于为用户设置记住 token ,但您的开发数据库可能包含在添加回调之前创建的这样一个用户。
最好更改代码,以便在查询数据库之前检查 Remember_token 是否存在
def current_user
if session_token[:remember_token]
@current_user ||= User.find_by_remember_token(session[:remember_token])
end
end
关于ruby-on-rails - Rails 自动登录,无法注销,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13318299/