0

I'm pretty new to rails. I have a login system where, if data entered is valid, session[:user] is set. However, when later in ApplicationController I refer to session[:user] it will always give me an error, no matter the context, unless the line is commented out. Example:

user = session[:user]

The error it gives me is a generic "not working at this time" error; it doesn't actually say what's wrong.

Edit: Here's the error. It's a generic one.

We're sorry, but something went wrong.

We've been notified about this issue and we'll take a look at it shortly.

Also I tried many different variants and no matter what I stored in there it still gave me the error, it seemed. Here's my code:

Login processing:

session[:name] = valid_user.name
session[:password] = valid_user.password

Session validation (on every page view):

name = session[:name]
pass = session[:password]
Matt Eskridge
  • That sounds like a weird error. Can you paste the exact error? And also, some more code on how the session is specified. Make sure you do not store a whole model inside your session. Just store the id. – Spyros Mar 29 '11 at 03:26
  • I don't see an error. When you remove name = session[:name], you do not get the same error? This kind of error most times signifies redirection errors. – Spyros Mar 29 '11 at 04:16
  • I don't get the error when I replace the session[:name] and session[:password] both with "" or if I comment out the function call which checks the session data. Otherwise, I get an error on every page. – Matt Eskridge Mar 29 '11 at 04:22

2 Answers

1

Ok, a few things:

  1. You need to take your app out of production mode -- that's why you're getting this useless error message. Set to development mode or read your server log and you should get a more verbose and useful error message. (See this question for related discussion, just set it to development instead of setting it to production as that asker was doing.)

  2. Don't store the user object in session, and DEFINITELY don't store the password in session. You should only store the user id, then do something like this:

    user = User.find_by_id(session[:user_id])
    
  3. After you share the more verbose error message I can try to help you more, but most likely the error is you are asking for some session parameter that is undefined. The verbose error message will tell you what and where, but in the meantime check carefully to make sure you never ask for a session value when it hasn't been set.

Andrew
  • 1: it's in dev mode. Most of my errors are verbose. Where is the server log?; 2. I don't think I'm storing the entire object in the session and, if I were to not store the password in the session, then couldn't the user spoof a login? Dunno if this is a concern in rails but it is in other languages which I am more familiar with.; 3. How can I check if a session variable is/is not defined without causing such an error as I'm getting here? – Matt Eskridge Mar 29 '11 at 06:02
  • Hmm, I found the log. Looks like a nil object error. "You have a nil object when you didn't expect it!" – Matt Eskridge Mar 29 '11 at 06:15
  • Hmm, turns out that I can access the session variable inside a view, but just not in ApplicationController. Is there any reason why I shouldn't be able to access it there? – Matt Eskridge Mar 29 '11 at 06:51
  • RE: Dev mode -- good. That's really weird that it's just giving you the generic 500 screen, but whatev. RE: Spoofing login -- the whole point of authentication is you don't let that user id be set without passing authentication. RE: Nil object-- that confirms what I said, you're asking for a session variable somewhere that it doesn't exist. Now, I think you can access session from the application controller, but I'd need to look it up because I've never needed to. – Andrew Mar 29 '11 at 15:13
  • Two more tips, because I don't think I'm going to be able to find this error for you: first, check out Devise -- see http://railscasts.com/episodes/209-introducing-devise for an intro. It's probably easier to use than what you're trying to bake. Second, go buy Beginning Rails 3 (http://www.amazon.com/Beginning-Rails-Experts-Voice-Development/dp/1430224339/). It only takes a weekend to read through, it's UNBELIEVABLY helpful, and it will be like applying warp speed to your rails learning curve. Worth every penny - how I got started so I really know it works. – Andrew Mar 29 '11 at 15:17
  • Wow, that rails book is pretty well priced (especially since it's on sale right now). I already have a ruby one which doesn't brush on rails much, so I'll probably get that some time soon. I agree that books are usually a thousand times better than anything online. :) And thanks for all the tips. – Matt Eskridge Mar 29 '11 at 23:24
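
The advice in the answer above, as an added example that is not part of the original posts: plain Ruby (no Rails) in which the session holds only a user id, set after the password verifies, and the lookup returns nil rather than raising when nothing is set. The HMAC-signed cookie is a simplified model of a signed session cookie; `SECRET`, `USERS`, the sample user and all helper names are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"

SECRET = "constructed-demo-secret" # assumption: stands in for the app's session secret
User = Struct.new(:id, :name, :salt, :digest)

def password_digest(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
end

# Constructed sample store, a hypothetical stand-in for the User model.
USERS = { 1 => User.new(1, "matt", "s1", password_digest("correct horse", "s1")) }

def find_by_id(id) # returns nil for an unknown id, as User.find_by_id does
  USERS[id]
end

def secure_equal?(a, b) # comparison that does not stop at the first differing byte
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Signed, not encrypted: the client can read the payload but cannot alter it.
def encode_session(session)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)}"
end

def decode_session(cookie)
  data, sig = cookie.to_s.split("--", 2)
  return {} if data.nil? || sig.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
  return {} unless secure_equal?(expected, sig) # forged or edited cookie
  JSON.parse(Base64.strict_decode64(data))
end

def login(name, password)
  user = USERS.values.find { |u| u.name == name }
  return nil unless user && secure_equal?(user.digest, password_digest(password, user.salt))
  encode_session("user_id" => user.id) # the id only, never the password
end

def current_user(cookie)
  id = decode_session(cookie)["user_id"] # nil when nobody is logged in
  id && find_by_id(id)
end
```

A client that edits the id in the cookie fails the signature check, which is why the id alone is enough once it is only ever set after authentication.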
0

Hmm, I don't see you initializing session[:name] anywhere. You are using session[:user] to do that. Is this really the case?

I think that if you use:

name = session[:user]

it will work.

Spyros