I generated authentication support as instructed in Agile Web Development with Rails 8 Chapter 14: Logging in. However I feel like a step was left out.
I followed the steps to run ‘rails generate authentication’ and then the scaffold command to create Users.
By default the guides say Rails uses cookie store for sessions, but the generator created an ApplicationRecord subclass called Session without a corresponding migration to create the table in the DB. When I try to log in, I get an error that the table ‘sessions’ doesn’t exist.
How do I fix this?
To be clear, I’m not sure what the generator was supposed to generate - a database backed session store, or a cookie-based session store. I am fine with either approach for this project (don’t have firm requirements one way or another) but just want to understand how the generated code was supposed to work.
Hey @EternalRecursion I don’t know the reference you mention, so I don’t know the steps outlined there.
However, the generator should have created a migration with something like
class CreateSessions < ActiveRecord::Migration[8.0]
def change
create_table :sessions do |t|
t.references :user, null: false, foreign_key: true
t.string :ip_address
t.string :user_agent
t.timestamps
end
end
end
Could you confirm that no migration file like db/migrate/xxxxxxxxxxxxxxx_create_sessions.rb
was created?
If it wasn’t generated, I’d suggest you repeat the process and see if there is an explicit error or something like that.
Regards
I found a good article and corresponding gist that explained everything that should have been generated and how it is supposed to work, and did have to regenerate it. There were some discrepancies so I guess that gist was written with a different/earlier version of the generator. The 2nd time it created a sessions table as well, and was working - just creating lots of session rows for the sole user I was testing every time I tried to log out. IOW, I couldn’t get the SessionController#destroy
method to be called correctly to delete a session with exactly the code that was recommended in the gist, so I just backed out of it. Am contemplating using devise
but have decided to do more research before committing to an authentication scheme. Also noodling on cancancan
vs pundit
for authorization. But I decided to focus on the domain functionality and come back to this when I’m ready. Any thoughts about these options appreciated.
If you’re having trouble deleting a record (of any kind) in Rails, make sure that you are passing in a proper DELETE request, not a GET or POST or anything else. You don’t show the view code where you are calling your “log out” to sessions#destroy. If you are using a link_to
helper for that, then you will need to ensure you have the Turbo gem installed, and add the appropriate “type” hint to your link.
<%= link_to 'Sign out', session_path, data: { turbo_method: :delete } %>
If you are using a button_to
helper (which is preferred and recommended), then you must pass the method: :delete
to that helper instead.
<%= button_to 'Sign out', session_path, method: :delete %>
Hope this helps!
PS: check your routes in case I am wrong about session_path
being the proper name of the route.