Rails-会话无法通过AJAX登录吗? [英] Rails - session not working for log in by AJAX?

问题描述

我有一个Rails应用程序，该应用程序使用静态html页面(不在app/views/中)将AJAX请求发送到Rails服务器以进行登录和注销.

I have a Rails application that uses static html pages (not in app/views/) sending AJAX requests to the rails server for logging in and out.

我使用会话进行用户身份验证，当用户登录时，设置了 session [:userid] 并将登录"响应发送回静态html页面.但是，当我单击注销按钮登录后，发现 session [:userid] 变为 nil .

I used session for user authentication and when the user logs in, session[:userid] is set and a response 'logged in' is sent back to the static html page. However after logging in when I click the logout button I found the session[:userid] became nil.

这是我的代码:

用于登录:

  def login
    # code here
    if encrypt(params[:password]) == @user.password # authenticated
      session[:userid] = @user.id
      render :text => 'logged in'
    else # wrong password
      render :text => 'password not correct'
    end
  end

注销

  def logout
    # here session is no longer available  
    session[:userid] = nil  
    render :text => 'logged out'
  end

登录页面:

    <button id='login_button'>Log in</button>
    <script type="text/javascript" charset="utf-8">
        $('#login_button').click(function() {
            $.ajax({
                type: 'POST',
                url: 'http://localhost:3000/user/login',
                data: { username : $('#login_username').val() , password : $('#login_password').val() }
            }).done(function(data) {
                if (data == 'logged in') {
                    window.location = 'logged_in.html';
                } else {
                    alert(data);
                }
            });
        });
    </script>

要注销:

<button id='logout_button'>Log out</button>
<script type="text/javascript" charset="utf-8">
    $('#logout_button').click(function() {
        $.ajax({
            type: 'POST',
            url: 'http://localhost:3000/user/logout',
        }).done(function(data) {
            console.log(data);
        });
    });
</script>

登录以登录:

Started POST "/user/login" for 127.0.0.1 at 2012-10-12 16:28:46 -0500
Processing by UserController#login as */*
  Parameters: {"username"=>"name", "password"=>"[FILTERED]"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE (username = 'name')
Completed 200 OK in 12ms (Views: 0.3ms | ActiveRecord: 0.6ms)

登录以注销:

Started POST "/user/logout" for 127.0.0.1 at 2012-10-12 16:28:50 -0500
Processing by UserController#logout as */*
{} <--------------------------------------- here I printed out session
  Rendered text template (0.0ms)
Completed 200 OK in 1ms (Views: 0.7ms | ActiveRecord: 0.0ms)

是AJAX的问题，我们不能使用会话处理来自客户端的AJAX请求吗?

Is it the problem of AJAX, that we cannot use session for AJAX requests from the client?

提前谢谢.

推荐答案

是否设置了"protect_from_forgery"?如果是这样，这就是问题所在.当Rails收到Ajax调用并且找不到正确的CSRF令牌时，它将关闭会话.

Do you have "protect_from_forgery" set? If so, this is causing the problem. When Rails receives the Ajax call and doesn't find the correct CSRF token, it will close the session.

与其在全局关闭保护，不如通过在相关控制器中放置类似以下内容的方法，仅针对来自静态页面的任何调用将其关闭:

Instead of turning the protection off globally, it would be better to turn it off just for any of the calls from the static page by putting something like this in the relevant controller:

skip_before_filter :verify_authenticity_token, :only => [:login, :logout]

这篇关于Rails-会话无法通过AJAX登录吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！