我已经完成了Michael Hartl的教程,现在我用它来构建一个项目.对于身份验证/授权,我基本上使用的是教程和我用它构建的示例应用程序中的相同代码.在我的项目中虽然注销(销毁会话)不起作用.点击退出链接后,它会重定向到主页,但它在导航中有错误的链接,我仍然可以访问我不应该访问的页面(表示我仍然登录),我不能弄清楚什么是错的.有任何想法吗?
会话控制器
class SessionsController < ApplicationController
def new
render 'new'
end
def create
user = User.find_by_email(params[:session][:email])
if user && user.authenticate(params[:session][:password])
sign_in user
redirect_to user
else
flash.now[:error] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
sign_out
redirect_to root_path
end
end
会议助手
module SessionsHelper
def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
self.current_user = user
end
def signed_in?
!current_user.nil?
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end
def current_user?(user)
user == current_user
end
def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
end
标题链接
<header>
<h1><%= link_to image_tag('logo.gif'), root_path %></h1>
<div id="login-sec">
<div class="login-row">
<div class="col">
<% if signed_in? %>
<ul>
<li><%= link_to "Signout", signout_path, method: "delete" %></li>
</ul>
<% else %>
<ul>
<li><%= link_to "Forgot Password", "#" %></li>
<li class="last"><%= link_to "New user register here", signup_path %> </li>
</ul>
<br /><br /><center><%= link_to image_tag('go-btn.png'), signin_path %></center>
<% end %>
</div>
</header>
用户模型(记住令牌的位置)
class User < ActiveRecord::Base
attr_accessible :company, :name, :email, :password, :password_confirmation
has_secure_password
before_save { |user| user.email = email.downcase }
before_save :create_remember_token
validates :name, presence: true, length: { maximum: 70 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true,
format: { with: VALID_EMAIL_REGEX },
uniqueness: { case_sensitive: false }
validates :password, presence: true, length: { minimum: 6 }
validates :password_confirmation, presence: true
private
def create_remember_token
self.remember_token = SecureRandom.urlsafe_base64
end
end
路线文件
App::Application.routes.draw do
resources :users
resources :sessions, only: [:new, :create, :destroy]
root to: 'static_pages#home'
match '/about', to: 'static_pages#about'
match '/contact', to: 'static_pages#contact'
match '/signup', to: 'users#new'
match '/about-yourself', to: 'users#about-yourself'
match '/signin', to: 'sessions#new'
match '/signout', to: 'sessions#destroy', via: :delete
最佳答案 弄清楚了.在我进行注销操作之前,我创建了用户,因此我可以测试登录和注册操作.不记得为这些用户创建了令牌,因此他们总是登录并且没有记住要销毁的令牌