- Included in:
- Defined in:
This module is responsible for authenticating the user via params, which ultimately allows the user to log in using a URL like the following:
Notice the token in the URL, this is a single access token. A single access token is used for single access only, it is not persisted. Meaning the user provides it, Authlogic grants them access, and that's it. If they want access again they need to provide the token again. Authlogic will NEVER try to persist the session after authenticating through this method.
For added security, this token is ONLY allowed for RSS and ATOM requests. You can change this with the configuration. You can also define if it is allowed dynamically by defining a single_access_allowed? method in your controller. For example:
class UsersController < ApplicationController private def single_access_allowed? action_name == "index" end
Also, by default, this token is permanent. Meaning if the user changes their password, this token will remain the same. It will only change when it is explicitly reset.
You can modify all of this behavior with the Config sub module.
Defined Under Namespace
Class Method Summary collapse
Class Method Details
.included(klass) ⇒ Object
25 26 27 28 29 30 31 32
# File 'lib/authlogic/session/params.rb', line 25 def self.included(klass) klass.class_eval do extend include attr_accessor :single_access persist :persist_by_params end end