I need help with something that should be very simple. I followed an excellent Rails 3 and Authlogic collaboration guide. It's the same basic authentication shell referenced in many places. But I just can't get the logout function to work. I tried all kinds of things for many days. So I need help. Perhaps this is just something I misunderstand, but here is the problem:
Bottom line: on @user_session.destroy the session does not end.
More: I am working on a web service, so I only interact with requests in the .xml format ... and I use cURL for testing.
Everything works fine except for my main problem. I pick up the database by Users.
When I do the following without first logging in and cookies.txt is empty (or holds some other user's cookie) →
curl -v -H "Accept: text/xml" -X GET --cookie cookies.txt http://localhost:3000/user.xml
my request is rejected (no session) as expected
When I use it →
curl -v -H "Accept: text/xml" -X POST -d 'user_session[email]=eric@xyz.com&user_session[password]=secret' --cookie-jar cookies.txt http://localhost:3000/user_session.xml
a new session is created and I can do the previous GET to my heart's content. Everything works correctly, because using a different user cookie does not work, using a cookie does not work, etc.
BUT ... when I log out ... by doing this →
curl -v -H "Accept: text/xml" -X DELETE --cookie cookies.txt http://localhost:3000/user_session.xml
The UserSessionsController#destroy action is called:
    def destroy
      @user_session = UserSession.find
      @user_session.destroy
      respond_to do |format|
        format.html { redirect_to(:users, :notice => 'Goodbye!') }
        format.xml { head :ok }
      end
    end
and the lines inside the action, @user_session = UserSession.find and @user_session.destroy, are executed. There are no errors, and testing @user_session = UserSession.find immediately after the destroy yields nil, as expected.
HOWEVER... GET, cookie, , , - !
, , ApplicationController:
    class ApplicationController < ActionController::Base
      helper_method :current_user_session, :current_user

      private

      # Memoized lookup of the Authlogic session for this request
      def current_user_session
        return @current_user_session if defined?(@current_user_session)
        @current_user_session = UserSession.find
      end

      # The user record behind the current session, or nil
      def current_user
        return @current_user if defined?(@current_user)
        @current_user = current_user_session && current_user_session.record
      end

      # Filter: reject requests that carry no valid session
      def require_user
        unless current_user
          respond_to do |format|
            format.xml { head :unauthorized }
          end
          return false
        end
      end

      # Filter: reject requests that are already logged in
      def require_no_user
        if current_user
          respond_to do |format|
            format.xml { head :bad_request }
          end
          return false
        end
      end
    end
@user_session = UserSession.find current_user_session - , , ... , cookie, .
, , . ActiveRecord, , . , . , , - Authlogic. .
??
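
An added example, not part of the original post and not Authlogic's code: a small Ruby model of the curl sequence above, where the DELETE is sent with --cookie but without --cookie-jar, so cookies.txt keeps its pre-logout contents. ToyServer, its "token::id" cookie layout and run_sequence are hypothetical names; the model assumes the server accepts a request when the cookie's token matches a per-user token it stores, and shows that the saved cookie is refused only if logout also changes that server-side state or the client actually writes the cleared cookie back.

```ruby
require 'securerandom'

# Hypothetical stand-in for the app in the post; not Authlogic's implementation.
class ToyServer
  def initialize(rotate_on_logout:)
    @rotate = rotate_on_logout
    @tokens = { '1' => SecureRandom.hex(16) }   # user id => server-side token
  end

  # POST /user_session.xml: cookie value the client stores
  def login(user_id)
    "#{@tokens.fetch(user_id)}::#{user_id}"
  end

  # GET /user.xml: 200 only if the cookie's token matches server state
  def get_user(cookie)
    token, user_id = cookie.to_s.split('::', 2)
    expected = @tokens[user_id]
    expected && token && secure_eq(expected, token) ? 200 : 401
  end

  # DELETE /user_session.xml: returns the cleared cookie (nil) for the client
  def logout(cookie)
    user_id = cookie.to_s.split('::', 2)[1]
    @tokens[user_id] = SecureRandom.hex(16) if @rotate && @tokens.key?(user_id)
    nil
  end

  private

  # Constant-time comparison of two equal-length strings
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Replays the post's curl sequence; `jar` models cookies.txt.
def run_sequence(rotate_on_logout:, save_jar_on_logout:)
  server = ToyServer.new(rotate_on_logout: rotate_on_logout)
  jar = nil                                   # empty cookies.txt
  before = server.get_user(jar)               # GET with --cookie
  jar = server.login('1')                     # POST with --cookie-jar
  during = server.get_user(jar)
  cleared = server.logout(jar)                # DELETE with --cookie
  jar = cleared if save_jar_on_logout         # file changes only with --cookie-jar
  [before, during, server.get_user(jar)]
end
```

In Authlogic terms the server-side step would be rotating the user's persistence token on logout (for example with reset_persistence_token!); whether that is what is missing in the setup above is an assumption.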