before_save messing up

#user.rb ------> Model

class User < ActiveRecord::Base
  attr_accessible :email, :name, :password, :password_confirmation
  has_secure_password

  before_save :create_remember_token
       .
       .
       .
       .
       .
       .
       .
  private
    def create_remember_token
      self.remember_token = SecureRandom.urlsafe_base64
    end

end

#sessions_controller.rb -------> Sessions Controller

class SessionsController < ApplicationController
  def new

  end

  def create
    user = User.find_by_email(params[:session][:email])
    if user && user.authenticate(params[:session][:password])
      sign_in user
      redirect_to user
    else
      flash.now['error'] = 'Invalid email/password combination'
      render :new
    end
  end

  def destroy

  end
end

#sessions_helper.rb ------> Sessions Helper

module SessionsHelper
  def sign_in(user)
    cookies.permanent[:_pm] = user.remember_token
    current_user = user
  end
end

The problem is the cookie doesn't get set to any value at all. It's
always nil.
Thanks in advance for any assistance given.

[All the code is hosted here: https://github.com/TAKE2/RoR-Tutorial]

not sure if this is it or not but… do you need to add the remember_token to the attr_accessible list?

module SessionsHelper
def sign_in(user)
cookies.permanent[:_pm] = user.remember_token
current_user = user
end
end

The problem is the cookie doesn't get set to any value at all. It's
always nil.
Thanks in advance for any assistance given.

So does the user that you are testing with have a remember_token or is
it nil (perhaps you added the before save after you created that
user) ?

Fred

I reset the db which clears all the users already created. Every new user has a nil for the remember_token field. That’s the absurdity, the column in the db cannot be field with the value before the user is created.

Does your before_save get executed? I'd stick a breakpoint in there
and verify that it gets hit (although I can't think why it wouldn't)

Fred

I'm pretty new to ruby and rails BUT, I've had problems in the past
like this when I didn't set the variable up with the attr_accessible
in the model...

when you try to access the remember_token in the SessionHelper, is it
in scope without the attribute set up or is that why you're getting
nil?

try adding

attr_accessible :remember_token

to the top of your model and see if that helps...

I'd also add a

fail self.inspect in the callback after you make the assignment to
see:
1. that it's getting there
2. if the value is being set to something other than nil

just some thoughts from a noob

attr_accessible describes columns of the db whose values can be set and/or modified by the user through the web interface (at least that’s what I believe). That’s my reason for exempting :remember_token from the list. I’d give it a try and examine the security infringements. If they’re not grave, I’d stick with your plan.

Thanks in advance :slight_smile:

Sort of. it means that the value can be set by update_attributes or
the other APIs that take a hash of attributes. It has no effect on the
ability to do self.remember_token = 'blah'

Fred

but wouldn't it have an affect on the ability to access the
remember_token in the SessionHelper?

in this code:
module SessionsHelper
  def sign_in(user)
    cookies.permanent[:_pm] = user.remember_token
    current_user = user
  end
end

but wouldn't it have an affect on the ability to access the
remember_token in the SessionHelper?

No. Like i said it affects the ability to write attributes by passing
a hash of keys to values. It never affects reading column values and
never affects the ability to write values explicitly

Fred

In your first post you say the cookie doesn’t get set, then later you say the database column doesn’t get set. Which is the problem?

Also, is there a reason you’re setting cookies.permanent[:_pm] rather than cookies.permanent[:remember_token]? I’m not sure how rails would find it if the names don’t match what you’ve set in the User model.

The cookie name is independent of the column name. The cookie is created but has no value when I check it in my browser. I use Chrome (on PC). Thanks for your support

Problem has been resolved quite mysteriously. I deleted all my browser cookies and it worked now. I’m trying to figure out why that could be a solution. So hang on, I’d write everything here. Thanks for the family feeling. RAILS 4EVER!!!