binarylogic / authlogic_example

Click here to lend your support to: authlogic_example and make a donation at www.pledgie.com !

An example rails app using the Authlogic authentication library — Read more

Sort by: Priority | Votes | Last Updated

Loading…

3.

0 votes

Logout does not log out user with cookie
1 comment Created 7 months ago by dramsay

Title

Body
In the example app, you have the destroy method in the user_sessions controller. However, this method does not delete the cookie set if the user clicks "Remember me". Therefore the user could click a logout link and think they're safely out of the application. Meanwhile, someone else could come along and get right back into the secure areas of the application and view the first user's data.
or cancel

In the example app, you have the destroy method in the user_sessions controller. However, this method does not delete the cookie set if the user clicks "Remember me".

Therefore the user could click a logout link and think they're safely out of the application. Meanwhile, someone else could come along and get right back into the secure areas of the application and view the first user's data.

Comments

dramsay Thu Jun 04 10:21:36 -0700 2009 | link

Never mind, had an old version of authlogic and was following the example too literally. You might want to update the example config/environment.rb to specify the newer version of authlogic.

Comment
Never mind, had an old version of authlogic and was following the example too literally. You might want to update the example config/environment.rb to specify the newer version of authlogic.
or cancel

Parsed with GitHub Flavored Markdown

Labels