Rails 6, Authlogic 6: inconsistent logout behaviour across browsers


So I've been using authlogic in a new Rails 6 app just to see whether I want to start using it to simplify authentication in some other apps. I basically have everything set up as the GitHub repo instructs, as closely as I can. Everything seems to work except logging users out. In Chrome everything seems to behave as expected and the user is logged out. But for some reason visiting the /logout route doesn't actually log the user out: the web console shows the user_credentials cookie is never deleted and the user stays logged in (though the flash is displayed, so the correct route is being picked up).

Strangely, if I add the logout_on_timeout feature and manually set current_user.last_request_at to 20 minutes ago, I am logged out as expected in both browsers.

Apart from the pages#index page that holds the login/logout and register links, I'll include all the relevant code below; the only thing that deviates from the standard new Rails app boilerplate is authlogic. I've tried current_user_session.destroy (the suggested alternative to session.destroy) and clearing the cookie manually with cookies.delete.

I have a feeling this is something basic, maybe a configuration option, to do with how the cookie is sent? But I've spent a couple of hours trying to work out what's going on. Any ideas?

Gemfile:

gem 'scrypt', '~> 3.0'
gem 'authlogic', '~> 6.0'

UserSessionsController

class UserSessionsController < ApplicationController
  def new
    @user_session = UserSession.new
  end
  def create
    @user_session = UserSession.new(user_session_params.to_h)
    if @user_session.save
      flash[:success] = 'You have been logged in.'
      redirect_to root_path
    else
      flash.now[:danger] = 'Unable to log you in'
      render :new
    end
  end
  def destroy
    current_user_session.destroy
    # session.destroy - tried this as well
    flash[:success] = 'You have been logged out.'
    redirect_to root_path
  end

  private

    def user_session_params
      params.require(:user_session).permit(:email, :password, :remember_me)
    end
end

ApplicationController

class ApplicationController < ActionController::Base
  helper_method :current_user_session, :current_user

  private

    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end

    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.user
    end
end

UserSession model

class UserSession < Authlogic::Session::Base
  logout_on_timeout true
end

User model

class User < ApplicationRecord
  acts_as_authentic do |c|
    c.crypto_provider = ::Authlogic::CryptoProviders::SCrypt
  end
  validates :email,
    format: {
      with: /@/,
      message: "should look like an email address"
    },
    length: { maximum: 100 },
    uniqueness: {
      case_sensitive: false,
      if: :will_save_change_to_email?
    }
  validates :password,
    confirmation: { if: :require_password? },
    length: {
      minimum: 8,
      if: :require_password?
    }
  validates :password_confirmation,
    length: {
      minimum: 8,
      if: :require_password?
  }
end

Basic index view

Only for testing the login/logout functionality

<% if current_user %>
  <p>Logged in as <strong><%= current_user.email %></strong>. <%= link_to 'Log Out', user_session_path, method: :delete %></p>
<% else %>
  <p>You are not logged in. <%= link_to 'Log In', new_user_session_path %> or <%= link_to 'Register', new_user_path %></p>
<% end %>

And finally the CreateUsers migration

class CreateUsers < ActiveRecord::Migration[6.0]
  def change
    create_table :users do |t|
      # Authlogic::ActsAsAuthentic::Email
      t.string    :email
      t.index     :email, unique: true

      # Authlogic::ActsAsAuthentic::Password
      t.string    :crypted_password
      t.string    :password_salt

      # Authlogic::ActsAsAuthentic::PersistenceToken
      t.string    :persistence_token
      t.index     :persistence_token, unique: true

      # Authlogic::ActsAsAuthentic::SingleAccessToken
      t.string    :single_access_token
      t.index     :single_access_token, unique: true

      # Authlogic::ActsAsAuthentic::PerishableToken
      t.string    :perishable_token
      t.index     :perishable_token, unique: true

      # See "Magic Columns" in Authlogic::Session::Base
      t.integer   :login_count, default: 0, null: false
      t.integer   :failed_login_count, default: 0, null: false
      t.datetime  :last_request_at
      t.datetime  :current_login_at
      t.datetime  :last_login_at
      t.string    :current_login_ip
      t.string    :last_login_ip

      # See "Magic States" in Authlogic::Session::Base
      # t.boolean   :active, default: false
      # t.boolean   :approved, default: false
      # t.boolean   :confirmed, default: false

      # Additional
      t.string :first_name
      t.string :last_name
      t.string :unconfirmed_email
      t.index :unconfirmed_email, unique: true

      t.timestamps
    end
  end
end
ruby-on-rails ruby session cookies authlogic
1 Answer

Is your problem occurring in a non-SSL environment (i.e. local testing)?

In that case I'd suggest trying the following fix. I had a similar problem that was solved this way:

You put it in your session model. Something like this:

class UserSession < Authlogic::Session::Base
    secure !!Rails.application.config.force_ssl
end

(Note: I think force_ssl is going to be removed in Rails 6.1)

Source: https://github.com/binarylogic/authlogic/issues/719#issuecomment-631509593
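The following is an added illustration, not code from the question, the answer, Authlogic or Rails. It models, in plain Ruby, the rule that decides whether a Set-Cookie header is emitted at all: a cookie flagged secure is only written (or deleted) when the request came over SSL, unless the app has always_write_cookie turned on. The assumption is that Rails' ActionDispatch cookie jar applies this rule; the Request, CookieJar, logout and secure_flag names and the cookie value are constructed for the demonstration. It shows why the destroy action in the question can render its flash and redirect while the browser keeps its user_credentials cookie, and why tying the secure flag to force_ssl, as in the answer, makes the deletion go through on plain HTTP.

```ruby
# Added example (not from the question, the answer, Authlogic or Rails):
# a small model of the "secure cookies are only written over SSL" rule.
# Assumption: this mirrors ActionDispatch's cookie jar behaviour.

# A request as the server sees it; only the scheme matters here.
Request = Struct.new(:ssl, keyword_init: true) do
  def ssl?
    ssl
  end
end

# Server-side jar: records the Set-Cookie headers it would actually emit.
class CookieJar
  attr_reader :headers

  def initialize(request, always_write_cookie: false)
    @request = request
    @always_write_cookie = always_write_cookie
    @headers = []
  end

  # A secure cookie is only written over SSL, unless always_write_cookie
  # is on (Rails enables that in development only, as an assumption here).
  def write_cookie?(options)
    @request.ssl? || !options[:secure] || @always_write_cookie
  end

  # Deleting a cookie is itself a write: an expired Set-Cookie header.
  # Returns false when the rule above suppresses the header entirely.
  def delete(name, secure: false)
    return false unless write_cookie?(secure: secure)

    @headers << "Set-Cookie: #{name}=; Max-Age=0; Path=/#{'; Secure' if secure}"
    true
  end
end

# Client side: a browser cookie store that only forgets a cookie when a
# deletion header for it actually arrives.
def apply_response(browser_cookies, headers)
  headers.each do |h|
    name = h[/Set-Cookie: ([^=]+)=/, 1]
    browser_cookies.delete(name) if h.include?('Max-Age=0')
  end
  browser_cookies
end

# Simulates the logout action from the question for a given cookie
# `secure` setting and request scheme. Returns the names of the cookies
# the browser still holds after processing the response.
def logout(secure:, ssl:, always_write_cookie: false)
  request = Request.new(ssl: ssl)
  jar = CookieJar.new(request, always_write_cookie: always_write_cookie)
  jar.delete('user_credentials', secure: secure) # what destroying the session does
  browser = { 'user_credentials' => 'constructed-persistence-token' }
  apply_response(browser, jar.headers).keys
end

# The answer's fix expressed as a function: the cookie is Secure exactly
# when the app is configured to be served over SSL (nil becomes false).
def secure_flag(force_ssl)
  !!force_ssl
end

if __FILE__ == $PROGRAM_NAME
  p logout(secure: true, ssl: false)               # => ["user_credentials"]
  p logout(secure: secure_flag(false), ssl: false) # => []
  p logout(secure: secure_flag(true), ssl: true)   # => []
end
```

The first call is the failure mode: the server believes it logged the user out, but no deletion header ever leaves the jar, so the next request still carries the cookie. The browser model here accepts any deletion header it receives; real browsers add a second rule, discarding a Secure-flagged Set-Cookie received over plain HTTP, so even with always_write_cookie on, a secure cookie on a non-SSL origin can remain undeleted. Either way the practical check is the same as in the answer: inspect the logout response's Set-Cookie headers in the browser's network tab, and keep the secure flag in step with whether the request is actually served over SSL.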
