Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Hi Dear #277

Closed
wants to merge 1 commit into from

1 participant

@lewisou

I just did a single sign on with Authlogic by simply sharing the cookie. It's so simple and cool. Once you logged into a single application, you logged into all applications.

I don't want to share database between my applications, so I synchronize user data to all applications that have their own database.

I can easily synchronize all user data (persistence_token, login and crypted_password) between my applications, but id(primary key) because the id is special and increased by the sequence automatically. so that the same user with same login and persistence_token has different id in different application.

So please do not store the primary key in cookies. I think persistence_token works so good, why do we still need to store primary key?

@ghost

This is for quicker lookups and also added verification.

@ghost ghost closed this
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Aug 9, 2011
  1. @lewisou
This page is out of date. Refresh to see the latest.
View
2  lib/authlogic/session/cookies.rb
@@ -165,7 +165,7 @@ def persist_by_cookie
def save_cookie
controller.cookies[cookie_key] = {
- :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
+ :value => "#{record.persistence_token}",
:expires => remember_me_until,
:secure => secure,
:httponly => httponly,
View
2  test/session_test/cookies_test.rb
@@ -120,7 +120,7 @@ def test_after_save_save_cookie
ben = users(:ben)
session = UserSession.new(ben)
assert session.save
- assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+ assert_equal "#{ben.persistence_token}", controller.cookies["user_credentials"]
end
def test_after_destroy_destroy_cookie
Something went wrong with that request. Please try again.