remark about login from cookie
Reported by Xavier Noria | December 27th, 2007 @ 02:52 AM | in Second Edition
It is worth noting that the innocent logged_in? at the top of page 499, in the listing of the method login_from_cookie, actually checks whether there's a :user in the session (that is, her ID). If there's one, it fetches the user from the database and returns true if successful. That's a side effect of the call to the current_user reader.
So, no matter whether you have remember_me enabled or not, you are recognized as long as you have a session. The auth_token is ignored.
The "remember me" check box in login forms means to me whether I want a transient cookie or not. That is, "being remembered" equals, for me, "I have a session". That's my interpretation. (You could have your session persisted and perhaps be logged out if unchecked; that's another possibility.)
As I interpret all this stuff, acts_as_authenticated remember_me is a bit different: it means "I will remember you even if your session expires". I have never quite understood the use case for that feature.
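A simplified model of the control flow this ticket describes, added here as an illustration; it is not the book's listing or the plugin's own code. The in-memory USERS list, the Controller stand-in, the token_lookups counter and the recognized_as helper are assumptions made for the example.

```ruby
# Simplified model (constructed for illustration) of the flow described above.
# Method names mirror those in the ticket; everything else is a stand-in.
User = Struct.new(:id, :remember_token)

USERS = [User.new(1, "tok-alice"), User.new(2, nil)] # constructed sample data

class Controller
  attr_reader :session, :cookies, :token_lookups

  def initialize(session: {}, cookies: {})
    @session = session
    @cookies = cookies
    @token_lookups = 0 # how many times the auth_token was actually consulted
  end

  # Reader with a side effect: a :user id in the session triggers a lookup
  # and the result is memoized.
  def current_user
    @current_user ||= (session[:user] && USERS.find { |u| u.id == session[:user] }) || :false
  end

  def logged_in?
    current_user != :false
  end

  # The guard calls logged_in?, so a live session short-circuits the cookie path.
  def login_from_cookie
    return unless cookies[:auth_token] && !logged_in?
    @token_lookups += 1
    user = USERS.find { |u| u.remember_token == cookies[:auth_token] }
    return unless user
    session[:user] = user.id
    @current_user = user
  end
end

# Returns [recognized user id or nil, number of auth_token lookups].
def recognized_as(session:, cookies:)
  c = Controller.new(session: session, cookies: cookies)
  c.login_from_cookie
  [c.logged_in? ? c.current_user.id : nil, c.token_lookups]
end
```

With a session for user 2 and an auth_token belonging to user 1, the request is recognized as user 2 and the token is never looked up; the token only matters once the session is gone.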
