Home/ Questions/Q 104319
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T01:15:46+00:00

Each client is identified by a hash, passed along with every request to the

  • 0

Each client is identified by a hash, passed along with every request to the server. What’s the best way to handle tracking a users session in this case?

I’m using restful_authentication for user accounts etc. A large percentage of requests are expected to originate without a user account but just the unique hash.

My understanding of the way handles sessions is limited so please bear that in mind. 🙂

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Using this hash in the URL means that you don’t have Rails built-in session. The point of the session is to provide some sense of state between requests. You’re already providing this state, seeing that you are passing this hash, so in my opinion you could remove the restful_authentication plugin and do something like this instead:

    class ApplicationController < ActionController::Base   def require_login     if params[:access_key]       @current_user = User.find_by_access_key(params[:access_key]) || restrict_access     else       restrict_access     end   end    def restrict_access     flash[:error] = 'You have to log in to access that.'     redirect_to root_path   end end

    Then, do a before_filter :require_login in the controllers where login is required for access.

    • 0