Last updated: 2008-01-18

I've run into the following problem. I wrote this module under the LIBS package:

    module AuthenticationSystem
      protected

      # this is used to keep track of the last time a user has been seen (reading a topic)
      # it is used to know when topics are new or old and which should have the green
      # activity light next to them
      #
      # we cheat by not calling it all the time, but rather only when a user views a topic
      # which means it isn't truly "last seen at" but it does serve its intended purpose
      #
      # this could be a filter for the entire app and keep with its true meaning, but that
      # would just slow things down without any foreseeable benefit since we already know
      # who is online from the user/session connection
      #
      # This is now also used to show which users are online... not as accurate as the
      # session based approach, but less code and less overhead.
      def update_last_login_at
        return unless logged_in?
        User.update_all ['last_login_at = ?', Time.now], ['id = ?', current_user.id]
        current_user.last_login_at = Time.now
      end

      # before_filter target: try the cookie login first, then redirect to the login page
      def login_required
        login_by_token unless logged_in?
        redirect_to :controller=>"main",:action=>"login" unless logged_in?
      end

      # logs in from the login_token cookie, which holds the name and password separated by ";"
      def login_by_token
        self.current_user = User.find_by_name_and_password(*cookies[:login_token].split(";")) if cookies[:login_token] and not logged_in?
      end

      def authorized?() true end

      # stores the user id in the session and refreshes last_login_at
      def current_user=(value)
        if @current_user = value
          session[:user_id] = @current_user.id
          update_last_login_at
        end
      end

      # returns the User for the session, or 0 when nobody is logged in
      def current_user
        @current_user ||= ((session[:user_id] && User.find_by_id(session[:user_id])) || 0)
      end

      def logged_in?
        current_user != 0
      end

      def admin?
        #logged_in? && current_user.admin?
      end
    end

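Then in application.rb I wrote this:

    include AuthenticationSystem
    before_filter :login_by_token,:configure_charsets

And then the problem showed up: there is no problem at all in IE7, but in Firefox it fails:

    ActionController::InvalidAuthenticityToken in MainController#check
    ActionController::InvalidAuthenticityToken

Does anyone know what this means? After looking it up, I added this one line to application.rb and it worked:

    include AuthenticationSystem
    self.allow_forgery_protection = false
    before_filter :login_by_token,:configure_charsets

I don't really understand it and hope someone can give me some pointers. Thanks.

Notice: Copyright of JavaEye articles belongs to their authors and is protected by law. Reproduction without the author's written permission is prohibited.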
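
Last updated: 2008-01-18

The problem is not login_by_token; it is that your form was not built with Rails' own form_for, form_tag, remote_form_for or remote_form_tag.
Turning off allow_forgery_protection is a bad idea. If you really need to, use <%= token_tag %> to generate the form token.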
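
The check the reply above refers to, as an added example that is not part of the original thread and is not Rails' own code: a simplified Ruby model of a session-bound form token, showing which requests are rejected with protection on and what is accepted once it is switched off. The names ForgeryCheck, InvalidToken, outcome and the session key :csrf_token are assumptions made for this sketch.

```ruby
require 'securerandom'

# Simplified model of a session-bound form token check.
# ForgeryCheck, InvalidToken and outcome are hypothetical names, not Rails code.
class ForgeryCheck
  class InvalidToken < StandardError; end

  def initialize(protect: true)
    @protect = protect # false models allow_forgery_protection = false
  end

  # Create (or reuse) the token kept in the server-side session.
  # A form helper would embed this value as a hidden authenticity_token field.
  def token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(32)
  end

  # GET requests pass; any other method must carry the session's own token.
  def verify!(method, session, params)
    return true if !@protect || method == :get
    expected = session[:csrf_token]
    given = params['authenticity_token'].to_s
    return true if expected && secure_equal?(given, expected)
    raise InvalidToken, 'token missing or not issued for this session'
  end

  private

  # Constant-time comparison so the check does not leak matching prefixes.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Run one request through the check and report the result as a symbol.
def outcome(check, method, session, params)
  check.verify!(method, session, params)
  :accepted
rescue ForgeryCheck::InvalidToken
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  session = {} # constructed sample session
  check = ForgeryCheck.new
  token = check.token_for(session)
  puts outcome(check, :post, session, { 'authenticity_token' => token }) # form with token
  puts outcome(check, :post, session, {})                                # form without token
  puts outcome(ForgeryCheck.new(protect: false), :post, session, {})     # protection off
end
```
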

Last updated: 2008-01-21

    <% form_for :user, :url => "/main/check" do |f| %>
      <p>
        <label for="login">用户名</label><br />
        <%= f.text_field :name %>
      </p>
      <div id="password_fields">
        <p>
          <label for="password">密码</label><br />
          <%= f.password_field :password %>
        </p>
        <p><label><%= check_box_tag "remember_me", "1", true %> 下次自动登录</label></p>
      </div>
      <p><%= submit_tag '登录' %></p>
    <% end %>

But the code does use form_for?