songtianlun
63cebef027
- Implement remember me checkbox in login form
- Update sessions controller to handle remember me logic
- Enhance session management to prevent session hijacking
- Add tests for remember me functionality

This commit introduces a "Remember me" feature that allows users to stay logged in across sessions. It includes updates to the login form, session handling in the controller, and additional tests to ensure the functionality works as expected. The changes also improve security by validating session tokens to prevent session hijacking.
25 lines
608 B
Ruby
```ruby
class SessionsController < ApplicationController
  include SessionsHelper

  # Renders the login form.
  def new
  end

  # Authenticates the submitted credentials and starts a session.
  def create
    user = User.find_by(email: params[:session][:email].downcase)
    # if user && user.authenticate(params[:session][:password])
    if user&.authenticate(params[:session][:password])
      # Discard the pre-login session so its id cannot be reused after login.
      reset_session
      # The checkbox submits '1' when ticked; any other value clears the persistent login.
      params[:session][:remember_me] == '1' ? remember(user) : forget(user)
      log_in user
      redirect_to user
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  # Logs out only when a session is active, so a repeated logout request is harmless.
  def destroy
    log_out if logged_in?
    redirect_to root_url
  end
end
```
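The `remember` and `forget` helpers called in `create` live in `SessionsHelper`, which this page does not show. The following is an added example, not the project's code: a stand-alone sketch of the server-side half of a remember-me token (random token, only its hash stored, constant-time check, rotation and revocation). `DemoUser`, `apply_remember_choice` and the choice of SHA-256 are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for the User model; only the remember digest is kept.
class DemoUser
  attr_reader :id, :remember_digest

  def initialize(id)
    @id = id
    @remember_digest = nil
  end

  # Issue a fresh random token, store only its hash, and return the raw token
  # (the caller would place it in a long-lived cookie).
  def remember
    token = SecureRandom.urlsafe_base64(32)
    @remember_digest = Digest::SHA256.hexdigest(token)
    token
  end

  # Revoke the persistent login server-side.
  def forget
    @remember_digest = nil
  end

  # True only if the presented token hashes to the stored digest.
  def remembered?(token)
    return false if @remember_digest.nil? || token.nil?
    secure_equal?(Digest::SHA256.hexdigest(token.to_s), @remember_digest)
  end

  private

  # Constant-time comparison of two equal-length strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Mirrors the controller's branch: '1' remembers, anything else forgets.
def apply_remember_choice(user, remember_me_param)
  return user.remember if remember_me_param == '1'
  user.forget
  nil
end
```

Because only the digest is stored, a leaked database row does not yield a usable cookie value, and calling `remember` again invalidates any token issued earlier.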