0

如果只是登录,我的记住功能仍然会创建一个永久 cookie。我遵循以下教程:http://railscasts.com/episodes/274-remember-me-reset-password

这是我所拥有的

会话控制器

class SessionsController < ApplicationController
  def new
    if current_customer
        redirect_to current_customer
    end
  end
  def create
    customer = Customer.find_by_email(params[:email])
        if customer && customer.authenticate(params[:password])
        if params[:remember_me]
        cookies.permanent[:auth_token] = customer.auth_token
        else
        cookies[:auth_token] = customer.auth_token
        end
            redirect_to customer, :notice => "Logged in!"
        else
            flash.now.alert = "Invalid email or password"
            render "new"
        end
  end

  def destroy
    cookies.delete(:auth_token)
    redirect_to root_url, :notice => "Logged out!"
  end
end

应用控制器

class ApplicationController < ActionController::Base
  protect_from_forgery

  force_ssl

  private

    def authorize
        redirect_to login_url, alert: "Not authorized" if current_customer.nil?
    end

    def current_customer
      @current_customer ||= Customer.find_by_auth_token(cookies[:auth_token]) if cookies[:auth_token]
    end
    helper_method :current_customer
end

如果没有检查参数以确保不存在其他 cookie,我正在考虑添加删除。但这似乎不起作用

4

2 回答 2

0

也许您应该在班级顶部调用 helper_method 。

于 2012-07-26T08:47:21.340 回答
0

尝试添加

  reset_session

到你的破坏行动。

于 2012-07-26T16:19:01.713 回答