[rspec-users] step definitons to check login

Nick Hoffman nick at deadorange.com
Mon Feb 9 09:56:29 EST 2009

On 17/12/2008, at 9:56 AM, James Byrne wrote:
> Re: authlogin
> Can someone familiar with this gem explain where and how the
> user_sessions are maintained?   I have pawed through the code but it  
> has
> left me rather more confused than not.  The best inkling I can  
> arrive at
> is that the authlogic persistence token is stored in the session data
> and that the UserSession model serially searches sessions for that  
> token
> string in whatever store medium that the Rails application is using.
> However, I cannot seem to identify exactly where and how this is  
> done in
> the code.  Advice would be welcome.

G'day James. I know this was like 2 months ago, but I finally got  
around to reading the rest of this thread.

The last version of AuthLogic that I used was 1.0.1, so things might  
have changed a bit since then. Nonetheless...

Authlogic uses a model called UserSession to deal with login sessions.  
If you have a look at UserSessionsController, you'll see that there  
are only three methods:
   * new
   * create
   * destroy

When a user wants to login, they call UserSessionsController#new,  
which renders a login form. The login form submits to  
UserSessionsController#create, which authenticates the user. If  
successful, the session is saved, which causes the application to  
consider the user "logged-in".

When a user wants to logout, they simply visit  
UserSessionsController#destroy . This kills their UserSession object,  
which results in the application considering them as "not logged-in".

I hope that helps. If you have other questions, feel free to post  
here, or email me privately, or email Authlogic's author; he's quite  


More information about the rspec-users mailing list