- // It depends on what you're using to back your sessions. If the session is stored in the cookie, there's nothing your admin can do with it, as there's nothing server-side to work with. Regardless, messing with someone else's session may not be possible, as you won't know the session ID.
- // What you want to do is either catch the ActiveRecord::RecordNotFound that is raised by find, or use find_by_id, which will return nil. When the user tries to access the site with a session referencing a deleted user, you can then kill the session.
- def current_user
-   @current_user ||= Twitteruser.find(session[:twitteruser_id]) if session[:twitteruser_id]
- rescue ActiveRecord::RecordNotFound
-   session[:twitteruser_id] = nil # or reset_session
- end
- or
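- def current_user
-   @current_user ||= fetch_user(session[:twitteruser_id])
- end
- # Returns the user, or nil after resetting a session that points at a deleted user.
- def fetch_user(id)
-   return if id.nil?
-   user = Twitteruser.find_by_id(id)
-   # `find_by_id(id) || reset_session` would return reset_session's value as the user.
-   reset_session if user.nil?
-   user
- end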
- // This will work regardless of how a Twitteruser gets deleted, for example if you deleted the user from the Rails console, where there is no session.
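
The stale-cookie case described above, as an added example that is not part of the original paste. Plain-Ruby stand-ins (`UserStore` and `RequestContext`, both hypothetical) replace ActiveRecord and the Rails controller so it runs without Rails; it shows that deleting the user never touches the client-held cookie, and that the next request carrying it gets a nil `current_user` and a cleared session.

```ruby
# Plain-Ruby stand-ins constructed for this example; no Rails required.
class UserStore
  def initialize; @rows = {}; end
  def create(id, name); @rows[id] = { id: id, name: name }; end
  def delete(id); @rows.delete(id); end   # e.g. from a console: no session involved
  def find_by_id(id); @rows[id]; end      # nil when the row is gone
end

# One instance per request, like a controller. `session` is the hash decoded
# from the client's cookie; the server keeps no copy of it.
class RequestContext
  attr_reader :session

  def initialize(users, cookie_session)
    @users = users
    @session = cookie_session
  end

  def reset_session
    @session.clear   # returns the (truthy) empty hash, so never use it as the user
  end

  def current_user
    return @current_user if defined?(@current_user)   # memoize nil as well
    id = session[:twitteruser_id]
    user = id && @users.find_by_id(id)
    reset_session if id && user.nil?   # stale reference: drop the whole session
    @current_user = user
  end
end

# Simulate: login, out-of-band deletion, then a request with the stale cookie.
def stale_session_demo
  users = UserStore.new
  users.create(7, "alice")
  cookie = { twitteruser_id: 7, cart: [1, 2] }   # constructed sample: what the browser holds
  before = RequestContext.new(users, cookie.dup).current_user
  users.delete(7)                                # the cookie is untouched by this
  ctx = RequestContext.new(users, cookie.dup)
  after = ctx.current_user
  { before: before && before[:name], after: after, session: ctx.session }
end
```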