阿贾克斯删除链接注销CURRENT_USER [英] Ajax Delete links log out current_user
问题描述
标题pretty的多解释了。我有一个奇怪的情况下被注销的意见,允许用户删除使用Ajax引起CURRENT_USER通知。我甚至不知道从哪里开始调试这...
The title pretty much explains it. I'm having an odd situation where views that allow users to delete notifications using Ajax cause the current_user to be logged out. I don't even know where to begin debugging this...
下面是控制器
class NotificationsController < ApplicationController
def destroy
@notification = Notification.find(params[:id])
@notification.destroy
respond_to do |format|
format.js
end
end
end
这是整个控制器,没有删节。由系统生成的通知,所以只能操作的用户可以是解雇(即删除)。
This is the entire controller, nothing is abridged. The notifications are generated by the system, so the only action a user can take is to "dismiss" (ie. delete) them.
我也试过这种使用较新的 respond_with 语法和有同样的效果。
I also tried this using the newer respond_with syntax and had the same effect.
我使用的设计,和Rails 3.0.9。任何想法可能是什么回事 - 或如何调试?建议
I'm using Devise, and Rails 3.0.9. Any idea what could be going on -- or suggestions on how to debug??
- 编辑1 -
-- EDIT 1 --
routes.rb中
Routes.rb
resources :notifications, :only => [:destroy]
删除链接
%span.delete= link_to( 'dismiss', notification_path(notification), :method => :delete, :remote => true )
- 编辑2 -
-- EDIT 2 --
嗯,我注意到在日志中新的东西 - 看的 * 的*以下
Well, I noticed something new in the logs -- see ** below.
Started DELETE "/notifications/10" for 127.0.0.1 at 2011-06-21 21:47:15 -0500
Processing by NotificationsController#destroy as JS
Parameters: {"id"=>"10"}
SQL (0.4ms) SELECT name
FROM sqlite_master
WHERE type = 'table' AND NOT name = 'sqlite_sequence'
SQL (0.3ms) SELECT name
FROM sqlite_master
WHERE type = 'table' AND NOT name = 'sqlite_sequence'
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
Slug Load (0.4ms) SELECT "slugs".* FROM "slugs" WHERE ("slugs".sluggable_id = 1 AND "slugs".sluggable_type = 'User') ORDER BY id DESC LIMIT 1
****AREL (0.3ms) UPDATE "users" SET "remember_token" = NULL, "remember_created_at" = NULL, "updated_at" = '2011-06-22 02:47:15.913839', "preferences" = '---
:email_notifications: ''true''
' WHERE "users"."id" = 1
Notification Load (0.2ms) SELECT "notifications".* FROM "notifications" WHERE "notifications"."id" = 10 LIMIT 1
User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
AREL (0.3ms) UPDATE "users" SET "notifications_count" = COALESCE("notifications_count", 0) - 1 WHERE "users"."id" = 1
AREL (0.1ms) DELETE FROM "notifications" WHERE "notifications"."id" = 10
Rendered notifications/destroy.js.erb (0.7ms)
Completed 200 OK in 6416ms (Views: 9.6ms | ActiveRecord: 4.1ms)
那么,它就在那里,它看起来像用户表的一部分是越来越设置为null,特别是remember_token我怀疑是触发设计结束会话,或者这是由设计完成后会被破坏。但如何跟踪下来?
So, there it is, it looks like part of the users table is getting set to null, particularly the remember_token which I suspect is triggering Devise to end the session, or maybe this is done by Devise after the session is destroyed. But how do I track that down?
我唯一能想到的,导致通知与用户互动是有一个 counter_cache 上的用户的 notifications_count 。
The only thing I can think of that causes notifications to interact with Users is there's a counter_cache on Users for notifications_count.
我AP preciate的想法和建议,就如何调试!
I appreciate thoughts and suggestions on how to debug!
- 编辑3 -
-- EDIT 3 --
红宝石调试挖掘后,它看起来像该问题与制定和更改rails.js脚本。参见:
After digging with ruby-debug it looks like the issue is related to Devise and changes to the rails.js script. See:
<一个href="https://github.com/plataformatec/devise/issues/913">https://github.com/plataformatec/devise/issues/913
https://github.com/ryanb/cancan/issues/280
我想了一些建议,这些线程和会后,如果我找到一个解决方案。
I'm trying out some of the suggestions on those threads and will post if I find a solution.
推荐答案
事实证明,这不得不做改变Rails的jQuery的UJS驱动程序和设计。我已经更新了设计,而无需更新的jQuery UJS - 并制订期待的CSRF令牌进行不同的处理,所以它被处理Ajax请求,这意味着破坏了当前用户的会话未授权。升级到最新的jQuery Rails的驱动程序解决了问题。
It turns out this had to do with changes to the Rails jQuery UJS driver and Devise. I had updated Devise without updating jQuery UJS -- and Devise was expecting the CSRF token to be handled differently, so it was processing the ajax request as unauthorized which meant destroying the current user's session. Upgrading to the latest jQuery Rails driver fixed the problem.
这篇关于阿贾克斯删除链接注销CURRENT_USER的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
