如何删除 rails 中的会话?
How to delete session in rails?
即使在注销后,我也可以通过单击搜索栏上的后退按钮登录到应用程序。
由于一些奇怪的原因,我无法完全删除会话。
我没有使用任何 gem。我想从头开始创建 rails 身份验证。
会话控制器:
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
log_in user
redirect_to user
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
reset_session
redirect_to root_path
end
end
应用程序助手
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
helper_method :current_user,:logged_in?, :logged_in_user,:current_user
def log_in(user)
session[:user_id] = user.id
end
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def logged_in?
!current_user.nil?
end
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to new_session_path
end
end
def current_user?(user)
user == current_user
end
end
Allpication.html.erb
<body>
<div class="container">
<% flash.each do |message_type, message| %>
<div class="alert alert-<%= message_type %>"><%= message %></div>
<% end %>
<header>
<% if logged_in? %>
<%= link_to "Log out", sessions_path, method: "delete" %>
<%= link_to "Edit", edit_user_path(current_user) %>
<% else %>
<li>
<%= link_to "Sign Up", new_user_path %>
</li>
<li>
<%= link_to "Log in", new_sessions_path %>
</li>
<% end %>
</header>
<%= yield %>
</div>
</body>
请帮助我。我要疯了。
用户控制器
class UsersController < ApplicationController
before_action :logged_in_user, only: [:new, :show, :edit, :update]
before_action :correct_user, only: [:new, :show, :edit, :update]
def index
@users = User.all
end
def new
@user = User.new
end
def create
@user = User.new(set_params)
if @user.save
redirect_to new_session_url
else
render 'new'
end
end
def show
@user = User.find(params[:id])
@posts = @user.posts
end
def edit
@user = User.find(params[:id])
end
def update
@user = User.find(params[:id])
if @user.update(update_params)
redirect_to @user
else
render 'edit'
end
end
private
def set_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def update_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def correct_user
@user = User.find(params[:id])
redirect_to(root_url) unless current_user?(@user)
end
end
用户只能登录 he/she 登录。
我已经根据建议或尝试过的内容更新了我的代码。
正如评论中所指出的,这是因为 Rails 正在缓存。
您可以执行以下操作来解决此问题。
在你的ApplicationController中,输入以下代码
class ApplicationController < ActionController::Base
before_action :set_cache_buster
private
def set_cache_buster
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
response.headers["Pragma"] = "no-cache"
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
end
即使在注销后,我也可以通过单击搜索栏上的后退按钮登录到应用程序。
由于一些奇怪的原因,我无法完全删除会话。
我没有使用任何 gem。我想从头开始创建 rails 身份验证。
会话控制器:
class SessionsController < ApplicationController
def new
end
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
log_in user
redirect_to user
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end
def destroy
reset_session
redirect_to root_path
end
end
应用程序助手
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
helper_method :current_user,:logged_in?, :logged_in_user,:current_user
def log_in(user)
session[:user_id] = user.id
end
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end
def logged_in?
!current_user.nil?
end
def logged_in_user
unless logged_in?
flash[:danger] = "Please log in."
redirect_to new_session_path
end
end
def current_user?(user)
user == current_user
end
end
Allpication.html.erb
<body>
<div class="container">
<% flash.each do |message_type, message| %>
<div class="alert alert-<%= message_type %>"><%= message %></div>
<% end %>
<header>
<% if logged_in? %>
<%= link_to "Log out", sessions_path, method: "delete" %>
<%= link_to "Edit", edit_user_path(current_user) %>
<% else %>
<li>
<%= link_to "Sign Up", new_user_path %>
</li>
<li>
<%= link_to "Log in", new_sessions_path %>
</li>
<% end %>
</header>
<%= yield %>
</div>
</body>
请帮助我。我要疯了。
用户控制器
class UsersController < ApplicationController
before_action :logged_in_user, only: [:new, :show, :edit, :update]
before_action :correct_user, only: [:new, :show, :edit, :update]
def index
@users = User.all
end
def new
@user = User.new
end
def create
@user = User.new(set_params)
if @user.save
redirect_to new_session_url
else
render 'new'
end
end
def show
@user = User.find(params[:id])
@posts = @user.posts
end
def edit
@user = User.find(params[:id])
end
def update
@user = User.find(params[:id])
if @user.update(update_params)
redirect_to @user
else
render 'edit'
end
end
private
def set_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def update_params
params.require(:user).permit(:name, :email, :password, :password_confirmation)
end
def correct_user
@user = User.find(params[:id])
redirect_to(root_url) unless current_user?(@user)
end
end
用户只能登录 he/she 登录。
我已经根据建议或尝试过的内容更新了我的代码。
正如评论中所指出的,这是因为 Rails 正在缓存。
您可以执行以下操作来解决此问题。
在你的ApplicationController中,输入以下代码
class ApplicationController < ActionController::Base
before_action :set_cache_buster
private
def set_cache_buster
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
response.headers["Pragma"] = "no-cache"
response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
end