Sessions Not Working after First Failed Login Attempt

[Neil Spear]

The login prompt for my app isn't handling Sessions correctly. Here's the scenario:

Once at the login screen, I type in a faulty username and password to fail the login attempt.

Second login attempt, I type in correct credentials. But the app redirects to the index of the app.

If using the correct credentials the first time, the app successfully redirects to the desired page.

I'm not sure how to handle the session management on the failed attempt while still displaying the necessary errors. Thoughts?

[rjclardy]

Hi Neil,

Are you binding in the login form's attributes (e.g. action, method) from the backend or are they hardcoded in the html? It sounds like they aren't being bound correctly after an invalid login attempt, but I'd need more info to know for sure. 

If you don't mind posting a gist with the following items I'll be happy to take a look:

• html for your login form
• backend code responsible for originally presenting the login
• backend code responsible for handling the login attempt

Thanks,

Ryan

[Neil Spear]

Typically, what directory items are you needing?

These are my assumptions of where you're trying to look:

HTML in 'views' folder

Backend code for original presentation of login in "lib/routes"

Backend code for handling the login attempt in "lib/routes"

?

-Neil

[Ryan Clardy]

That's correct, that should be everything I need. Though just to be clear, I don't need everything in your views directory, just the HTML for your login form.

--
Ryan Clardy | MB

--
You received this message because you are subscribed to the Google Groups "Pakyow" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pakyow+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Neil Spear]

Ryan,

Here's a gist:

https://gist.github.com/anonymous/082d90d7fcf9ced4a784

Let me know if there's other info I need to provide.

-Neil

[Bryan Powell]

Have you declared the `:session` as restful in its associated binder?

Bryan P.

[Neil Spear]

Yes. Sessions is declared as restful.

[Bryan Powell]

Okay, try replacing line 26 of sessions.rb with this:

ctx.bind(Session.new)

Bryan P.

On Sun, Oct 12, 2014 at 9:21 PM, Neil Spear <spe...@gmail.com> wrote:

Yes. Sessions is declared as restful.

[Neil Spear]

I tried that and no change.

[Bryan Powell]

Can you Gist the HTML (from view-source in the browser) after the initial failed login attempt?

Bryan P.

[Neil Spear]

Here 'tis. I'm not sure what you're looking for, though.

<script src="https://gist.github.com/anonymous/aa632fa13c76b8845f64.js"></script>

-Neil

[Neil Spear]

Try again, the embed didn't work.

https://gist.github.com/anonymous/aa632fa13c76b8845f64

-Neil

[bryanp]

Ok, I reproduced this in a test app. It appears to be a bug. If you reorder lines 25/26 in sessions.rb, it works as expected. I'll be digging into exactly what's going on here, but in the meantime let me know if changing the lines makes it work for you.

Bryan P.

[Neil Spear]

That did the trick! Thanks Bryan and Ryan. 

As a note, now when the login validation fails, the form fields for password don't cleared out. It did before the line switch. This is a nuisance which I'll have to track down.

-Neil

[bryanp]

You'll likely want to bind `Session.new` rather than `session`.

Figured out what was causing the issue and it's actually already fixed in the upcoming 0.8.1 release.

Bryan P.