A browser sends a request (/main/index) so ROR creates an instance of main_controller and invokes the index action on it. main_controller has registered ``audit" as a before_filter. ``audit" is called first before ``index". so far so good.
def audit() does this:
// the login_controller handles the login page and // knows whether or not there's a valid login by // inspecting the session param in a certain way // which it encapsulates. // // remember: audit is a method inside main_controller c = AuthenticationController.new if c.valid_user == true // if there's a valid login . . .
The problem: when c.valid_user (that is LoginController.valid_user via the `c' object) attempts to read from it's @session param it is nil.
Conclusion: AuthenticationController.new creates a new controller but its @session param is nil. Implication: During the normal course of routing action calls, the ROR framework creates your controller on your behalf via its class method .new and, at a later time, also sets the session variable for your.
The design goal here is simple: delegation: I can have exactly one class encapsulate all the authentication stuff. However my design is broken because of the unexpected problem of not accessing the @session pram
Comments?
