Module: Authlogic::Session::Params

Included in:
Base
Defined in:
lib/authlogic/session/params.rb

Overview

This module is responsible for authenticating the user via params, which ultimately allows the user to log in using a URL like the following:

https://www.domain.com?user_credentials=4LiXF7FiGUppIPubBPey

Notice the token in the URL, this is a single access token. A single access token is used for single access only, it is not persisted. Meaning the user provides it, Authlogic grants them access, and that's it. If they want access again they need to provide the token again. Authlogic will NEVER try to persist the session after authenticating through this method.

For added security, this token is ONLY allowed for RSS and ATOM requests. You can change this with the configuration. You can also define if it is allowed dynamically by defining a single_access_allowed? method in your controller. For example:

class UsersController < ApplicationController
  private
    def single_access_allowed?
      action_name == "index"
    end

Also, by default, this token is permanent. Meaning if the user changes their password, this token will remain the same. It will only change when it is explicitly reset.

You can modify all of this behavior with the Config sub module.

Defined Under Namespace

Modules: Config, InstanceMethods

Class Method Summary collapse

Class Method Details

.included(klass) ⇒ Object


25
26
27
28
29
30
31
32
# File 'lib/authlogic/session/params.rb', line 25

def self.included(klass)
  klass.class_eval do
    extend Config
    include InstanceMethods
    attr_accessor :single_access
    persist :persist_by_params
  end
end