Comments for binarylogic's authlogic  

Yeah, I’m waiting this there too.

Thats actually not that new of a feature, but I should have known better not to use it.

Ah, this bug just hit my system and I’ve been trying to figure out what went wrong. Life on the bleeding edge is soooo fun. :)

Cool – I had been a bit puzzled how to test Authlogic previously and bodged something together, but this should make life a lot easier. Thanks. :-)

Shouldn’t it be :require_password??

That’s odd, anthon – it now works for me. Did you update your httpd.conf and run the passenger-install-apache2-module command?

<pre>This stuff is supposed to be fixed with the upcoming Rails 2.3.1 and Passenger 2.1.1 releases, right? I’m giving it a shot now, in any case :)</pre>
not sure… i’m running rails 2.3.2 and Passenger 2.1.2, and my problem persists; can’t clear auth session, and hence no logout…

I think this random.rb needs to be added to the gemspec.

trevorturk: Yes.

This stuff is supposed to be fixed with the upcoming Rails 2.3.1 and Passenger 2.1.1 releases, right? I’m giving it a shot now, in any case :)

I had to add ‘openid_identifier’ to this list to get openid login to work correctly. Is there a new method for doing OpenID after this change?
I’m working off of https://www.binarylogic.com/2008/11/21/tutorial-using-openid-with-authlogic
Thanks!

binarylogic: my bad, I thought logging in resets @persistence_token anyway.

@thedarkone: the problem with resetting the persistence token on logout is that it will logout ALL instances. Take the example of a home and work computer. If you logout at home, when you get to the office the next day you will have to log back in. That’s not very use friendly. In fact, I believe this is how restful_authentication works and one of the reasons I didn’t like using it. if sessions work properly in rails everything should be fine and user friendly. I don’t think relying on sessions to work is big requirement either, just one of those things. This should be a big enough issue to get fixed ASAP.

I do use Passenger with edge Rails and cookies (all cookies not just the cookie sessions) are broken right now due to Rack 1.0 / Passenger 2.0.6 incompatibility (there is a fix in the edge Passenger and will be released with Passenger 2.1).
Authlogic doesn’t use reset_session and shouldn’t really care if it works or not.
I was planning to go with plain cookie authentication for Authlogic as it is more efficient anyways, but thanks for the heads up.
PS: maybe we should just always reset persistence_token in Session#destroy to avoid all the problems altogether?

See ticket "#1601":https://rails.lighthouseapp.com/projects/8994/tickets/1601-reset_session-doesnt-result-in-new-session-id-being-applied-via-set-cookie , it seems that reset_session is not working properly.

I am unable to log out, even on 2.0.6. I was under the impression that it had been fixed on Passenger edge, but wasn’t yet in the gem version.
The problem only arose a couple of weeks ago, when using edge rails.

Upgrading to the latest version of Passenger (2.0.6) seems to fix the problem, at least for me.

If cookie store works great for you then no reason to change it. I’ve had issues with cookie store, especially when developing, because sometimes I will jump around browser to test interface issues, etc. The protect from forgery feature gets all messed up when I do this. It just seems really unstable. It has nothing to do with Authlogic, it’s just cookie store in general. Authlogic just leverages the rails session system, that’s it, it doesn’t do anything tricky, nothing you wouldn’t do in a controller yourself.

Could some one please elaborate or hint at what could go wrong if one does use cookie sessions? :)

Got undefined method `logged_out?’ for a user instance…