On Tue, 26 Jul 2016 08:42:06 -0400, Steven Schveighoffer wrote:
I am using sessions to do authentication, so it can't be RESTful.
The resource would be "session". When creating a "session" resource you would store the data in the session. When destroying the "session" resource you would delete the data from the session. This is an example of a session controller in Rails:
class SessionsController < ApplicationController
def new
# renders a login form or similar
end
# login form posts to this method/route
def create
user = User.find_by_email(params[:email])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
redirect_to root_url, :notice => "Logged in!"
else
flash.now.alert = "Invalid email or password"
render "new"
end
end
# when logging out this method will be called
def destroy
session[:user_id] = nil
redirect_to root_url, :notice => "Logged out!"
end
end
http://railscasts.com/episodes/270-authentication-in-rails-3-1?view=asciicast
One might ask, why do you care about the route names then? Well, I just
do :) I want the route URLs to look intuitive when I'm testing them in a
browser.I think it would be nice to have an attribute that says "leave the prefix".
If you think it's easier you can manually set up the routes. There's even an example how to do that and using sessions: https://vibed.org/docs#http-sessions
/Jacob Carlborg