#149 new

stale? true when providing single_access_token credentials

Reported by psm42 | September 30th, 2009 @ 02:48 AM

I've discovered the failure of a functional test for one of my apps that prevents me accessing a protected action when there is no logged in session, but the single_access_token value is passed for user_credentials, which I expect to provide a valid user at all times. However, I find that the current_user_session is a valid object, but the user method on it returns nil, and the stale? method returns true. This occurs when the User last_request_at field is either NULL, or a time long ago. When it is a recent time, the credentials provided do what you would expect.

I would expect that providing the single_access_token even long after last making a request of the application while logged in is fine. If not, is there another good option for providing a token-based authentication mechanism that outlasts any concerns of session time?


No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket