- Update store_location method to handle HEAD requests - Ensure session forwarding URL is set for both GET and HEAD requests This change enhances the session management by allowing the application to store the original URL for HEAD requests, which is useful for certain types of HTTP interactions.
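# Helpers for tracking login state: session-based login, persistent
# "remember me" cookies, and storing the URL to return to after login.
#
# The methods rely on `session`, `cookies`, `request` and `reset_session`
# being provided by the including context.
module SessionsHelper
  # Logs in the given user by recording their id and session token in the
  # session.
  #
  # NOTE(review): this method does not rotate the session itself; callers are
  # presumably expected to call `reset_session` before `log_in` so that a
  # pre-login session id cannot be carried over (session fixation) -- confirm
  # at the call sites.
  #
  # @param user [User] the user to log in
  def log_in(user)
    session[:user_id] = user.id
    # Guard against session replay attacks: current_user only accepts this
    # session while the stored token still equals the user's session_token.
    session[:session_token] = user.session_token
  end

  # Remembers a user in a persistent session.
  #
  # The user id is written to an encrypted permanent cookie and the remember
  # token to a plain permanent cookie; current_user later checks that token
  # with `user.authenticated?`.
  #
  # NOTE(review): the remember_token cookie is set here without explicit
  # `httponly:` / `secure:` options. Holding both cookies is sufficient to be
  # logged in via current_user, so confirm that transport and script access
  # are restricted elsewhere (e.g. app-wide SSL enforcement).
  #
  # @param user [User] the user to remember
  def remember(user)
    user.remember
    cookies.permanent.encrypted[:user_id] = user.id
    cookies.permanent[:remember_token] = user.remember_token
  end

  # Returns the user corresponding to the session or, failing that, to the
  # remember-token cookies (logging that user in as a side effect).
  #
  # A session whose stored token no longer matches the user's session_token
  # is rejected; in that case the cookie branch is NOT consulted, because the
  # session still carries a user id.
  #
  # @return [User, nil] the resolved user, or nil when nobody is logged in
  def current_user
    if (user_id = session[:user_id])
      user = User.find_by(id: user_id)
      if user && session[:session_token] == user.session_token
        @current_user = user
      end
    elsif (user_id = cookies.encrypted[:user_id])
      user = User.find_by(id: user_id)
      if user && user.authenticated?(cookies[:remember_token])
        log_in user
        @current_user = user
      end
    end
  end

  # Returns true if a user is logged in, false otherwise.
  #
  # @return [Boolean]
  def logged_in?
    !current_user.nil?
  end

  # Forgets a persistent session: asks the user record to forget itself and
  # deletes both remember cookies.
  #
  # `user` may be nil (for example when log_out runs for a session that no
  # longer resolves to a user). The cookies are deleted regardless, so a
  # failed lookup cannot leave remember cookies behind.
  #
  # @param user [User, nil] the user to forget
  def forget(user)
    user&.forget
    cookies.delete(:user_id)
    cookies.delete(:remember_token)
  end

  # Logs out the current user: clears remember cookies, resets the session
  # and drops the cached user.
  #
  # This completes even when current_user is nil (stale or invalidated
  # session), so the session is always reset rather than the call aborting
  # with NoMethodError before reset_session is reached.
  def log_out
    forget(current_user)
    reset_session
    @current_user = nil
  end

  # Returns a truthy value if the given user is the current user.
  #
  # @param user [User, nil] the user to compare
  # @return [Boolean, nil] nil/false when user is nil/false or does not match
  def current_user?(user)
    user && user == current_user
  end

  # Stores the URL being accessed so the user can be sent back to it later.
  # Only GET and HEAD requests are recorded.
  #
  # NOTE(review): the stored value comes from the incoming request; wherever
  # session[:forwarding_url] is later used as a redirect target, confirm the
  # redirect is limited to this application's own host.
  def store_location
    session[:forwarding_url] = request.original_url if request.get? || request.head?
  end
end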