[Rails] Re: Holding a logged
Gleb Arshinov
gleb at barsook.com
Fri Nov 5 22:35:48 GMT 2004
>>>>> "John" == John Wilger <johnwilger at gmail.com> writes:
John> There are certainly a lot of ways you could approach this,
John> however the most straightforward is to simply store the
John> Person object representing the logged in user directly in
John> the session. You could create a LoginController with an
John> authenticate action that finds the correct Person object
John> (based on username and password supplied) and inserts that
John> object into a session variable
John> (i.e. @session['current_user'] =
John> authenticated_user_person_object).
Session is serialized into a cookie, right? Is this encrypted to
protect the user from updating the value and pretending to be someone
he is not?
Gleb
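
An added example, not part of the original thread and not Rails code: one way a session value kept in a cookie can be made tamper-evident, assuming the session really is stored client-side as the question supposes. `SignedSession`, the secret and the `current_user_id` key are hypothetical, and the example stores only the user's id rather than the whole Person object; the HMAC detects modification but does not hide the value from the user.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper (not a Rails API): signs and verifies a client-side session value.
module SignedSession
  # Serialize the session hash and append an HMAC computed over the encoded payload.
  def self.encode(data, secret)
    payload = [JSON.generate(data)].pack('m0') # strict Base64, never contains '-'
    "#{payload}--#{sign(payload, secret)}"
  end

  # Return the session hash, or nil when the cookie is malformed or was altered.
  def self.decode(cookie, secret)
    payload, mac = cookie.to_s.split('--', 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_compare(mac, sign(payload, secret))
    JSON.parse(payload.unpack1('m0'))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  def self.sign(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, payload)
  end

  # Constant-time comparison so the check does not reveal how many MAC bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample values; the secret never leaves the server.
SECRET = 'constructed-server-side-secret'
COOKIE = SignedSession.encode({ 'current_user_id' => 42 }, SECRET)

# A client that rewrites the payload cannot recompute the MAC without the secret,
# so this cookie reuses the MAC issued for the original value.
forged_payload = [JSON.generate({ 'current_user_id' => 1 })].pack('m0')
FORGED = "#{forged_payload}--#{COOKIE.split('--', 2).last}"

puts SignedSession.decode(COOKIE, SECRET).inspect
puts SignedSession.decode(FORGED, SECRET).inspect
```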