Updated readme on session updating

1 parent c00672f commit 718f2cf5cd12de035595eddf782b8ccc359b0d7c @binarylogic committed Oct 25, 2008
Showing with 12 additions and 2 deletions.
  1. +9 −1 README.rdoc
  2. +3 −1 lib/authgasm/acts_as_authentic.rb
@@ -146,7 +146,15 @@ Just like ActiveRecord you can create your own hooks / callbacks so that you can
== Automatic Session Updating
-This is one of my favorite features that I think is pretty cool. What if a user changes their password? You have to re-log them in with the new password, recreate the session, etc, pain in the ass. Or what if a user creates a new user account? You have to do the same thing. It makes your UsersController kind of dirty and it's kind of annoying. What's cool about this is that we pulled the UserSession down into the models, where we can play around with it. Why not have the User model take care of this for us in an after_save? Now you don't have to worry about it at all. In fact, the acts_as_authentic method has an option to do this automatically for you. Authgasm might be a little too awesome. So...
+This is one of my favorite features that I think its pretty cool. It's things like this that make a library great and set it apart from other libraries.
+
+What if a user changes their password? You have to re-log them in with the new password, recreate the session, etc, pain in the ass. Or what if a user creates a new user account? You have to do the same thing. Here's an even better one: what if a user is in the admin area and changes his own password? There might even be another place passwords can change.
+
+Instead of updating sessions all over the place, doesn't it make sense to do this at a lower level? Like the User model? You're saying "but Ben, models can't mess around with sessions and cookies". True...but with Authgasm they can. I know in most situations it's not good practice to do this but I view this in the same class as sweepers, and feel like it actually is good practice here.
+
+So, acts_as_authentic takes care of this for you by adding an after_create and after_update callback to automatically keep the session up to date. You don't have to worry about it anymore. Don't even think about it. Let your UsersController deal with users, not users AND sessions.
+
+A simple example...
@current_user.password = "my new password"
@current_user.confirm_password = "my new password"
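Review bot: The new paragraph describing the after_create and after_update callbacks does not say which records trigger a session reset, and that matters for the admin-area case the text itself raises. As written, a reader cannot tell whether an admin who creates or edits another user's account stays logged in as the admin or has the session replaced with that user's. State the behaviour explicitly and mention the session_ids option (set to [] to disable) next to the example. Also, in the first added line, "I think its pretty cool" should read "I think is pretty cool".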
@@ -43,7 +43,7 @@ module ClassMethods
# * <tt>password_salt_field:</tt> default: depends on which columns are present, checks: password_salt, pw_salt, salt, if none are present defaults to password_salt. This is the name of the field your salt is stored, only relevant for a hash crypto provider.
# * <tt>remember_token_field:</tt> default: options[:session_class].remember_token_field, the name of the field your remember token is stored. What the cookie stores so the session can be "remembered"
# * <tt>logged_in_timeout:</tt> default: 10.minutes, this allows you to specify a time the determines if a user is logged in or out. Useful if you want to count how many users are currently logged in.
- # * <tt>session_ids:</tt> default: [nil], the sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable. Should be an array of ids. See Authgasm::Session::Base#initialize for information on ids.
+ # * <tt>session_ids:</tt> default: [nil], the sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable. Should be an array of ids. See Authgasm::Session::Base#initialize for information on ids. The order is important. The first id should be your main session, the session they need to log into first. This is generally nil, meaning so explicitly set id.
def acts_as_authentic(options = {})
# Setup default options
options[:session_class] ||= "#{name}Session".constantize
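Review bot: The final sentence added to the session_ids comment, "This is generally nil, meaning so explicitly set id", has a typo that obscures its meaning; it should read "meaning no explicitly set id". Since the order of the array now carries meaning, it would also help to say in this comment that only the first id is logged into automatically, which is what the comment inside create_sessions! states.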
@@ -168,6 +168,8 @@ def randomize_#{options[:password_field]}!
protected
def create_sessions!
+ return if #{options[:session_ids].inspect}.blank?
+
# We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
# that need to be created after logging into the main session.
session_id = #{options[:session_ids].inspect}.first
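Review bot: The guard added at the top of create_sessions! protects only the create path, while the session_ids documentation promises that [] disables the reset when a user is created or updated. No matching change to the update path is visible in this commit, so confirm it handles an empty list too, or skip registering both callbacks when session_ids is blank, since the value is already known when this method body is generated. The commit touches only README.rdoc and acts_as_authentic.rb; a test with session_ids set to [] covering both create and update would pin the behaviour down.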
