[rspec-users] step definitons to check login
nick at deadorange.com
Mon Feb 9 09:56:29 EST 2009
On 17/12/2008, at 9:56 AM, James Byrne wrote:
> Re: authlogin
> Can someone familiar with this gem explain where and how the
> user_sessions are maintained? I have pawed through the code but it
> left me rather more confused than not. The best inkling I can
> arrive at
> is that the authlogic persistence token is stored in the session data
> and that the UserSession model serially searches sessions for that
> string in whatever store medium that the Rails application is using.
> However, I cannot seem to identify exactly where and how this is
> done in
> the code. Advice would be welcome.
G'day James. I know this was like 2 months ago, but I finally got
around to reading the rest of this thread.
The last version of AuthLogic that I used was 1.0.1, so things might
have changed a bit since then. Nonetheless...
Authlogic uses a model called UserSession to deal with login sessions.
If you have a look at UserSessionsController, you'll see that there
are only three methods:
When a user wants to login, they call UserSessionsController#new,
which renders a login form. The login form submits to
UserSessionsController#create, which authenticates the user. If
successful, the session is saved, which causes the application to
consider the user "logged-in".
When a user wants to logout, they simply visit
UserSessionsController#destroy . This kills their UserSession object,
which results in the application considering them as "not logged-in".
I hope that helps. If you have other questions, feel free to post
here, or email me privately, or email Authlogic's author; he's quite
More information about the rspec-users