sagarpandya82 sagarpandya82 - 6 months ago 6
Ruby Question

Rails Tutorial (M.Hartl) Chapter 8, Why does the app fail to forget login status?

After logging into the application and then closing the browser completely, I re-open the browser expecting to be logged-out. However I am still logged in?

I am in section 8.2.3 Changing the layout links and apart from the above, the application looks and runs as expected. Also the code is as it is from the tutorial. I think these are the relevant files:

app/helpers/sessions_helper.rb

module SessionsHelper

# Logs in the given user.
def log_in(user)
session[:user_id] = user.id
end

# Returns the current logged-in user (if any).
def current_user
@current_user ||= User.find_by(id: session[:user_id])
end

# Returns true if the user is logged in, false otherwise.
def logged_in?
!current_user.nil?
end
end


app/controllers/sessions_controller.rb

class SessionsController < ApplicationController

def new
end

def create
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
log_in user
redirect_to user
else
flash.now[:danger] = 'Invalid email/password combination'
render 'new'
end
end

def destroy
end
end

Answer

Ordinarily, the session is cleared when you close your browser, so you should be logged out automatically in this case. Some browsers remember your session anyway, though, as discussed in this footnote, and that could be what's going on here.