Scoping UserSession with Authlogic
24 Sep 2009
I like using subdomains to create a more personalised web application experience for the user. Having their own URL to access the application allows them to feel a sense of ownership. There are many ways you can do this (click here for one) but I specifically want to look at scoping your user sessions so that users cannot log in to other users' accounts. Doing this with Authlogic is surprisingly easy.
Assuming your subdomain names come from an Account model, add this line of code.
class Account < ActiveRecord::Base
  authenticates_many :user_sessions
end
In your UserSessionsController you can now scope your user sessions to the account.
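class UserSessionsController < ApplicationController
  def create
    # @current_account is assumed to be set earlier (for example in a
    # before filter that looks up the Account for the request's subdomain).
    # Building the session through the account limits the credential
    # lookup to that account's users.
    @user_session = @current_account.user_sessions.build(params[:user_session])
    if @user_session.save
      flash[:notice] = "Login successful!"
      redirect_back_or_default dashboard_path
    else
      render :action => :new
    end
  end
end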
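What the account scope changes at login time, shown as an added plain-Ruby model; it is not Authlogic's code and not code from the original post. The accounts, users, hosts and method names are constructed for illustration, and the same login name exists in two accounts so the difference between an unscoped and a scoped credential lookup is visible.

```ruby
require "openssl"

# Plain-Ruby model of account-scoped login (a stand-in, not Authlogic itself).
# Every name and sample value below is constructed for illustration.
User = Struct.new(:account_id, :login, :salt, :digest)

def kdf(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                           length: 32, hash: "sha256")
end

def make_user(account_id, login, password)
  salt = OpenSSL::Random.random_bytes(16)
  User.new(account_id, login, salt, kdf(password, salt))
end

ACCOUNTS = { "acme" => 1, "globex" => 2 }.freeze # subdomain => account id
USERS = [
  make_user(1, "alice", "acme-secret"),
  make_user(2, "alice", "globex-secret") # same login, different account
].freeze

# Resolve the account from the request host, e.g. "acme.example.com".
def account_id_for(host)
  ACCOUNTS[host.to_s.downcase.split(".").first]
end

def password_matches?(user, password)
  OpenSSL.fixed_length_secure_compare(user.digest, kdf(password, user.salt))
end

# Unscoped: any user with matching credentials is accepted, whatever the host.
def unscoped_login(login, password)
  USERS.find { |u| u.login == login && password_matches?(u, password) }
end

# Scoped: only users that belong to the host's account are candidates.
def scoped_login(host, login, password)
  account_id = account_id_for(host)
  return nil if account_id.nil?

  USERS.select { |u| u.account_id == account_id }
       .find { |u| u.login == login && password_matches?(u, password) }
end
```

With the unscoped lookup, the globex credentials are accepted no matter which subdomain the login form was served from; the scoped lookup rejects them on acme's subdomain.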