Authlogic keeps logging out with BCrypt.cost #73

Open
shaicoleman opened this Issue Nov 23, 2009 · 1 comment

2 participants

@shaicoleman

There's a bug that causes AuthLogic to only maintain one session at a time. It is caused by BCrypt and the BCrypt.cost parameter. When one session starts, all the other sessions will be invalidated/logged out.

To reproduce, make the following changes in the AuthLogic Example, and register a new user after making those changes.

user.rb:
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.crypto_provider = Authlogic::CryptoProviders::BCrypt
end
end

config/initializers/authlogic.rb
Authlogic::CryptoProviders::BCrypt.cost = 1

Removing the BCrypt.cost line seems to solve the issue.

@tiegz
Collaborator

@shaicoleman old ticket, but I'm thinking this could be bc Authlogic in the past wasn't aware of the bcrypt gem's min cost, which was fixed recently. Ok to close?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment