I've made a Padrino app that has one single password for accessing the admin page. I'm using the following helpers for the authorization.

    # Check if the user is authenticated.
    def authenticated?(opts = {})
      if session["cooly"] != options.session_secret
        redirect url(opts[:send_to] || :login)
      end
    end

    # Create a new session.
    def authenticate!
      session["cooly"] ||= 0
      session["cooly"] = options.session_secret
    end

Right now, when I exit my browser, the session goes away and I have to log in again. How do I keep the session?
The answer was to make non-expiring cookies.

    # Check if the user is authenticated.
    def authenticated?(opts = {})
      if session["cooly"] == options.session_secret || request.cookies["cooly"] == options.session_secret
        return true
      else
        redirect url(opts[:send_to] || :login)
      end
    end

    # Create a new session.
    def authenticate!
      session["cooly"] ||= 0
      session["cooly"] = options.session_secret
      expiration_date = 10.year.from_now
      response.set_cookie('cooly', :value => options.session_secret, :expires => expiration_date)
    end
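
The helpers above write `options.session_secret` itself into a ten-year cookie, so the value that signs sessions is stored in the browser in the clear. As an added example (not part of the original post), the same "stay logged in" behaviour can use a signed, expiring token instead. `REMEMBER_KEY`, `REMEMBER_TTL`, the helper names and the 30-day lifetime are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical names. In the app the key would come from configuration,
# be kept separate from session_secret, and never be sent to the browser.
REMEMBER_KEY = SecureRandom.hex(32) # constructed for this example
REMEMBER_TTL = 30 * 24 * 60 * 60    # assumed lifetime: 30 days, in seconds

def sign(key, payload)
  OpenSSL::HMAC.hexdigest('SHA256', key, payload)
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Token layout: "<expiry epoch seconds>.<HMAC-SHA256 of the expiry>".
def issue_token(key, now = Time.now)
  expiry = (now.to_i + REMEMBER_TTL).to_s
  "#{expiry}.#{sign(key, expiry)}"
end

# True only if the MAC matches and the expiry is still in the future.
def valid_token?(key, token, now = Time.now)
  expiry, mac = token.to_s.split('.', 2)
  return false unless expiry && mac && expiry.match?(/\A\d+\z/)
  return false unless secure_compare(mac, sign(key, expiry))
  expiry.to_i > now.to_i
end

# Options hash in the form Rack's response.set_cookie accepts.
def remember_cookie(key, now = Time.now)
  { :value => issue_token(key, now),
    :expires => now + REMEMBER_TTL,
    :httponly => true,     # not readable from page JavaScript
    :secure => true,       # only sent over HTTPS
    :same_site => :strict }
end
```

In the helpers, `authenticate!` would call `response.set_cookie('cooly', remember_cookie(REMEMBER_KEY))` and `authenticated?` would check `valid_token?(REMEMBER_KEY, request.cookies['cooly'])`.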