Class: Cms::SessionsController
In: app/controllers/cms/sessions_controller.rb
Parent: Cms::ApplicationController
This controller handles the login/logout function of the site.
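# File app/controllers/cms/sessions_controller.rb, line 11
#
# Processes a login form post: authenticates params[:login] / params[:password]
# through User.authenticate and, on success, signs the user in and redirects.
#
# params[:success_url] (sent by the login portlet) is request data, so it is
# only used as a redirect target when it is a site-local path: one leading "/"
# that is not followed by "/" or "\", and no control characters. Anything else
# (absolute or protocol-relative URLs, blank values, non-string params) falls
# back to session[:return_to] and then "/", so the login form cannot be used
# as an open redirect.
#
# On failure the submitted login and remember_me values are kept for redisplay
# and either the "new" view is rendered or, for the portlet, the browser is
# sent back to the referring page.
def create
  logout_keeping_session!
  user = User.authenticate(params[:login], params[:password])

  # Site-local redirect target taken from the request, or nil when the value
  # is missing, blank or points off-site.
  requested = params[:success_url].to_s
  requested = nil unless requested =~ %r{\A/(?![/\\])[^\x00-\x1f\x7f]*\z}

  if user
    # NOTE(review): the session id is not rotated on login because
    # reset_session is still commented out, so the session fixation exposure
    # the original comment describes remains. Enabling it clears the session,
    # including session[:return_to] (read in the portlet branch below) and the
    # current forgery-protection token; copy return_to across the reset when
    # turning it on.
    # reset_session
    self.current_user = user
    handle_remember_cookie!(params[:remember_me] == "1")
    flash[:notice] = "Logged in successfully"
    if params[:success_url] # Coming from login portlet
      redirect_to(requested || session[:return_to] || "/")
      session[:return_to] = nil
    else
      redirect_back_or_default(cms_home_url)
    end
  else
    note_failed_signin
    @login = params[:login]
    @remember_me = params[:remember_me]
    flash[:login_error] = "Log in failed"
    if params[:success_url] # Coming from login portlet
      flash[:login] = params[:login]
      flash[:remember_me] = params[:remember_me]
      # Store only the validated target so a later retry cannot carry an
      # off-site URL forward through the flash.
      flash[:success_url] = requested || session[:return_to] || "/"
      # The Referer header is optional; without a fallback redirect_to would
      # receive nil.
      redirect_to(request.referrer || "/")
    else
      render :action => "new"
    end
  end
end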
# File app/controllers/cms/sessions_controller.rb, line 50
#
# Logout action: delegates the sign-out work to logout_user, then issues the
# redirect through redirect_back_or_default with "/" as the default target.
def destroy
  logout_user
  redirect_back_or_default "/"
end
Pulled this out as a separate method so that modules (like bcms_cas) can override/alias destroy and not have a redirect happen as a side effect.
# File app/controllers/cms/sessions_controller.rb, line 59
#
# Signs the current user out without redirecting: calls
# logout_killing_session!, deletes the :openSectionNodes cookie and sets the
# logout notice in the flash.
def logout_user
  logout_killing_session!
  cookies.delete(:openSectionNodes)
  # Assigned after logout_killing_session!; presumably so the notice is not
  # discarded with the old session. Confirm against that helper.
  flash[:notice] = "You have been logged out."
end