Rob,
I see what you're saying, esp., given your comment:
"you have to load the user info (session + User model) to check the
permission anyway so you have to hit the database"
Unlike what I sense is anticipated by the Authlogic example code, I
take the following approach in my app:
unauthenticated users can use all app functionality up to a certain
point, when they have to register (a try-before-you-buy approach.)
So, under this approach I have to apply the require_user approach in a
before_filter for every action, not just those associated with a few
protected pages. This just seems like a lot of work. It's like adding
a layer of authentication goo all over my app and unlike, preferably,
enabling authentication as a 'switch' to my app.
Lille
On Jul 2, 12:20 pm, Rob Biedenharn <R...@AgileConsultingLLC.com>
wrote:
> On Jul 2, 2010, at 12:02 PM, Lille wrote:
>
> > @Rob - Yes, I see what you're referring to in the Authlogic example
> > code. I guess I can feel comforted by that...
>
> > @Marnen, @Rob - ...but isn't reliance on session expensive, e.g., if
> > I've chosen server-side ActiveRecordStore session storage?
>
> Um, compared to what? If the work to instantiate the session from the
> database, alter a value, and write it back is your bottleneck, I'd say
> you have one blazingly fast application ;-)
>
> I wouldn't worry about that (at least not yet). You have to load the
> user info (session + User model) to check the permission anyway so you
> have to hit the database.
>
> -Rob
>
> > On Jul 2, 11:51 am, Rob Biedenharn <R...@AgileConsultingLLC.com>
> > wrote:
> >> On Jul 2, 2010, at 11:42 AM, Marnen Laibow-Koser wrote:
>
> >>>> My hope would be for something like:
>
> >>>> redirect_to :back
>
> >>>> But this is a no-go...
>
> >>> Why?
>
> >> Well, for one thing, you don't always have an HTTP_REFERER (if the
> >> user types a URL into the browser for example).
>
> >> You get this nearly for free with Authlogic anyway. Just modify the
> >> example require_user and associated code to fit your needs.
>
> >> -Rob
>
> >> Rob Biedenharn
> >> R...@AgileConsultingLLC.com http://AgileConsultingLLC.com/
> >> r...@GaslightSoftware.com http://GaslightSoftware.com/
>
> Rob Biedenharn
> R...@AgileConsultingLLC.com http://AgileConsultingLLC.com/
> r...@GaslightSoftware.com http://GaslightSoftware.com/
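
The two points raised in this thread, a single authentication "switch" instead of a require_user call on every action, and returning the user to where they were without depending on HTTP_REFERER, shown as an added example that is not code from the thread or from Authlogic. It is plain Ruby with no Rails: MiniController, public_actions, the paths and the local-path check on the stored location are assumptions made for illustration.

```ruby
# Plain Ruby, no Rails. MiniController is a hypothetical stand-in for a Rails
# base controller; public_actions plays the role of an opt-out declaration.
class MiniController
  def self.public_actions(*names)
    @public = names
  end

  def self.public_action?(name)
    (@public || []).include?(name)
  end

  attr_reader :session, :redirected_to

  def initialize(session = {})
    @session = session
  end

  # The single "switch": every action is checked here, denied unless opted out.
  def process(action, path)
    @redirected_to = nil
    return public_send(action) if self.class.public_action?(action) || session[:user_id]
    session[:return_to] = path   # remember the request itself, not HTTP_REFERER
    @redirected_to = "/login"
    :denied
  end

  # After login, go back to the stored location, or to a default if none/unsafe.
  def login(user_id, default = "/")
    session[:user_id] = user_id
    target = session.delete(:return_to)
    @redirected_to = local_path?(target) ? target : default
  end

  private

  # Accept only same-site paths: "/x" passes, "//host" and "http://..." do not.
  def local_path?(target)
    target.is_a?(String) && target.match?(%r{\A/(?![/\\])})
  end
end

# Constructed sample controller: browsing is open, exporting needs an account.
class DocumentsController < MiniController
  public_actions :index, :show

  def index; :ok; end
  def show; :ok; end
  def export; :ok; end
end
```

In a Rails application of that era the same shape is a before_filter declared once in ApplicationController, with skip_before_filter in the controllers whose actions stay open.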