Home/ Questions/Q 8671337
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T18:55:32+00:00

I have a Rails application that uses static html pages (not in app/views/) sending

  • 0

I have a Rails application that uses static html pages (not in app/views/) sending AJAX requests to the rails server for logging in and out.

I used session for user authentication and when the user logs in, session[:userid] is set and a response ‘logged in’ is sent back to the static html page. However after logging in when I click the logout button I found the session[:userid] became nil.

Here’s my code:

For logging in:

  def login
    # code here
    if encrypt(params[:password]) == @user.password # authenticated
      session[:userid] = @user.id
      render :text => 'logged in'
    else # wrong password
      render :text => 'password not correct'
    end
  end

For logging out

  def logout
    # here session is no longer available  
    session[:userid] = nil  
    render :text => 'logged out'
  end

Log in page:

    <button id='login_button'>Log in</button>
    <script type="text/javascript" charset="utf-8">
        $('#login_button').click(function() {
            $.ajax({
                type: 'POST',
                url: 'http://localhost:3000/user/login',
                data: { username : $('#login_username').val() , password : $('#login_password').val() }
            }).done(function(data) {
                if (data == 'logged in') {
                    window.location = 'logged_in.html';
                } else {
                    alert(data);
                }
            });
        });
    </script>

And for logging out:

<button id='logout_button'>Log out</button>
<script type="text/javascript" charset="utf-8">
    $('#logout_button').click(function() {
        $.ajax({
            type: 'POST',
            url: 'http://localhost:3000/user/logout',
        }).done(function(data) {
            console.log(data);
        });
    });
</script>

Log for login:

Started POST "/user/login" for 127.0.0.1 at 2012-10-12 16:28:46 -0500
Processing by UserController#login as */*
  Parameters: {"username"=>"name", "password"=>"[FILTERED]"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE (username = 'name')
Completed 200 OK in 12ms (Views: 0.3ms | ActiveRecord: 0.6ms)

Log for logout:

Started POST "/user/logout" for 127.0.0.1 at 2012-10-12 16:28:50 -0500
Processing by UserController#logout as */*
{} <--------------------------------------- here I printed out session
  Rendered text template (0.0ms)
Completed 200 OK in 1ms (Views: 0.7ms | ActiveRecord: 0.0ms)

Is it the problem of AJAX, that we cannot use session for AJAX requests from the client?

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Do you have “protect_from_forgery” set? If so, this is causing the problem. When Rails receives the Ajax call and doesn’t find the correct CSRF token, it will close the session.

    Instead of turning the protection off globally, it would be better to turn it off just for any of the calls from the static page by putting something like this in the relevant controller:

    skip_before_filter :verify_authenticity_token, :only => [:login, :logout]
    • 0