ruby-on-rails-3 – 登出不工作轨道3.2

2019年8月3日 158次阅读

我已经完成了Michael Hartl的教程,现在我用它来构建一个项目.对于身份验证/授权,我基本上使用的是教程和我用它构建的示例应用程序中的相同代码.在我的项目中虽然注销(销毁会话)不起作用.点击退出链接后,它会重定向到主页,但它在导航中有错误的链接,我仍然可以访问我不应该访问的页面(表示我仍然登录),我不能弄清楚什么是错的.有任何想法吗？

会话控制器

class SessionsController < ApplicationController
 def new
render 'new'
end

def create
user = User.find_by_email(params[:session][:email])
if user && user.authenticate(params[:session][:password])
  sign_in user
  redirect_to user
else
  flash.now[:error] = 'Invalid email/password combination'
  render 'new'
end
end

def destroy
 sign_out
 redirect_to root_path
end
end

会议助手

module SessionsHelper

  def sign_in(user)
cookies.permanent[:remember_token] = user.remember_token
self.current_user = user
end

def signed_in?
!current_user.nil?
end

def current_user=(user)
@current_user = user
end

def current_user
@current_user ||= User.find_by_remember_token(cookies[:remember_token])
end

def current_user?(user)
user == current_user
end

def sign_out
self.current_user = nil
cookies.delete(:remember_token)
end
end

标题链接

  <header>
          <h1><%= link_to image_tag('logo.gif'), root_path %></h1>
           <div id="login-sec">
          <div class="login-row">
            <div class="col">

            <% if signed_in? %>

            <ul>
              <li><%= link_to "Signout", signout_path, method: "delete" %></li>
            </ul>

            <% else %>  

            <ul>
                <li><%= link_to "Forgot Password", "#" %></li>
                <li class="last"><%= link_to "New user register here", signup_path %>               </li>
            </ul>

            <br /><br /><center><%= link_to image_tag('go-btn.png'), signin_path %></center>
            <% end %>

          </div>
        </header>

用户模型(记住令牌的位置)

class User < ActiveRecord::Base
attr_accessible :company, :name, :email, :password, :password_confirmation
has_secure_password

before_save { |user| user.email = email.downcase }
before_save :create_remember_token

validates :name,  presence: true, length: { maximum: 70 }
VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
validates :email, presence: true, 
                  format: { with: VALID_EMAIL_REGEX },
                  uniqueness: { case_sensitive: false }
validates :password, presence: true, length: { minimum: 6 }
validates :password_confirmation, presence: true        

private

def create_remember_token
  self.remember_token = SecureRandom.urlsafe_base64
end       
end

路线文件

App::Application.routes.draw do
resources :users
resources :sessions, only: [:new, :create, :destroy]

root to: 'static_pages#home'

match '/about',          to: 'static_pages#about'
match '/contact',        to: 'static_pages#contact'
match '/signup',         to: 'users#new'
match '/about-yourself', to: 'users#about-yourself'
match '/signin',         to: 'sessions#new'
match '/signout',        to: 'sessions#destroy', via: :delete

最佳答案弄清楚了.在我进行注销操作之前,我创建了用户,因此我可以测试登录和注册操作.不记得为这些用户创建了令牌,因此他们总是登录并且没有记住要销毁的令牌