
authlogic session creation fails when used in combination with authenticate_or_request_with_http_basic


I recently wanted to deploy my Rails app on Heroku but wanted to shield it from the outside world until I had tested it on Heroku itself. In order to shield it, I have used authenticate_or_request_with_http_basic. However, after having passed through the basic authentication and wanting to log in (login system using Authlogic), I find that Authlogic doesn't remember a session (e.g. current_user == nil).

Without the authenticate_or_request_with_http_basic before_filter, the Authlogic sessions work fine.

Does anybody know why this is and how to make the two work together?

Thanks in advance.

PS: Just to be clear, my goal is not to be able to use Authlogic users with authenticate_or_request_with_http_basic.

PPS: I use Rails 3 and git://github.com/odorcicd/authlogic.git


Solution

  • I'm having this issue also! I'm going to try and look into it to see if I can come up with anything...

    EDIT: The fix is to disallow HTTP basic auth on your Authlogic session...

    class UserSession < Authlogic::Session::Base
      # Keep Authlogic from treating the site-wide HTTP Basic credentials as a user login
      allow_http_basic_auth false
    end
    

    I'm pretty sure that this is a bug in Authlogic. The problem is this method:

    Authlogic::Session::HttpAuth::InstanceMethods#allow_http_basic_auth?
    

    which returns true when HTTP Basic is being used, even elsewhere in your application.
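The conflict described in the answer can be reproduced with a small stand-alone model. This is an added example, not Authlogic's code and not part of the original answer. The names `APP_USERS`, `gate_passed?`, `current_user` and the sample credentials are hypothetical, and the rule that a Basic-auth attempt takes precedence over the stored session is an assumption made for the model.

```ruby
require "base64"

# Constructed sample data: one application user and the site-wide gate credentials.
APP_USERS = { "alice" => "app-password" }.freeze
GATE_LOGIN = "staging"
GATE_PASSWORD = "gate-password"

# The header a browser resends on every request once the gate has been passed.
def basic_header(login, password)
  "Basic " + Base64.strict_encode64("#{login}:#{password}")
end

# Decode an Authorization header into [login, password]; nil if it is not Basic.
def decode_basic(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme.to_s.casecmp("basic").zero? && encoded
  login, password = Base64.decode64(encoded).split(":", 2)
  password ? [login, password] : nil
end

# Site-wide gate: the role authenticate_or_request_with_http_basic plays.
def gate_passed?(headers)
  decode_basic(headers["Authorization"]) == [GATE_LOGIN, GATE_PASSWORD]
end

# Hypothetical session lookup. ASSUMPTION: when HTTP Basic is allowed, the
# header credentials are tried as an application login and that result wins
# over the session stored by the form login.
def current_user(headers, session, allow_http_basic_auth:)
  creds = decode_basic(headers["Authorization"])
  if allow_http_basic_auth && creds
    login, password = creds
    return APP_USERS[login] == password ? login : nil
  end
  session[:user_id]
end

def demo
  headers = { "Authorization" => basic_header(GATE_LOGIN, GATE_PASSWORD) }
  session = { user_id: "alice" } # set by a successful form login
  { gate: gate_passed?(headers),
    basic_allowed: current_user(headers, session, allow_http_basic_auth: true),
    basic_disallowed: current_user(headers, session, allow_http_basic_auth: false) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

With Basic auth allowed, the gate's credentials are checked against the user table and fail, so the model returns no user. With it disallowed, the header is ignored and the form-login session is used.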