double authocetation : how can I do it the best ?


I have this situation.

I m a volunteer on a toy library and I want to write a financial / borrow app for the toy library.

Now I have two seperate roles : staff member and client.

Staff member can log in and put things into the system.

Client is not allowed to do anything in the system.

Now I try to make it work in a sort of ecommerce site, where the shopping cart is the place I want to keep track of what the client borrows.

So my staff member logs in, a client comes to the counter to tell that he wants to borrow a toy-car.

Then the cart of that client must contains the toy-car.

How can I achieve this with sessions or another way ?


Hi ,

Instead of implementing it from scratch try to include any ror ecommerce gems and let it handle the cart and sessions. i personally like the simplicity of piggybak .


I can do that but most of the gems I see are working with the fact that the person who is logged in is also the person which “owns” the shopping card. With me that is not true.

So I try to find a way to resolve that problem.



If im reading this phrase right "a client comes to the counter " , the end client does not login right ? Then all you have to do is use the same ecommerce solution and let your staff “impersonate” your clients .

Look at this gem.

That could be a solution.

I only have to figure out how I can impersonate a person which is not logged in and add the toys to the card which is in a session.