Scoping UserSession with Authlogic
24 Sep 2009
I like using subdomains to create a more personalised web application experience for the user. Having their own URL to access the application gives them a sense of ownership. There are many ways you can do this (click here for one), but I specifically want to look at scoping your user sessions so that users cannot log in to other users' accounts. Doing this with Authlogic is surprisingly easy.
Assuming your subdomain names come from an Account model, add this line of code.
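class Account < ActiveRecord::Base
  # Lets sessions be built and looked up through the account, so that
  # authentication only considers this account's users.
  authenticates_many :user_sessions
end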
In your UserSessionsController you can now scope your user sessions to the account.
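class UserSessionsController < ApplicationController
  def create
    # @current_account is assumed to have been loaded from the request's
    # subdomain before this action runs (that code is not shown here).
    # Building the session through the account restricts the credential
    # lookup to that account's users.
    @user_session = @current_account.user_sessions.build(params[:user_session])
    if @user_session.save
      flash[:notice] = "Login successful!"
      redirect_back_or_default dashboard_path
    else
      render :action => :new
    end
  end
end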
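To see what the scoping changes, here is an added example in plain Ruby (it is not Authlogic or ActiveRecord code, and not from the original post) that compares an unscoped credential lookup with one restricted to the account resolved from the subdomain. The accounts, users, hosts and all function names are constructed for the illustration.

```ruby
# Added illustration: a constructed in-memory model, not Authlogic itself.
require "openssl"

Account = Struct.new(:id, :subdomain)
User    = Struct.new(:id, :account_id, :login, :salt, :digest)

def digest(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
end

# Compare two digests without stopping at the first differing byte.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

# Constructed sample data: two accounts with one user each.
ACCOUNTS = [Account.new(1, "acme"), Account.new(2, "globex")].freeze
USERS = [
  User.new(10, 1, "alice", "salt-a", digest("alice-pw", "salt-a")),
  User.new(20, 2, "bob",   "salt-b", digest("bob-pw", "salt-b")),
].freeze

# Resolve the account from the request host, the job of whatever sets
# @current_account. Unknown subdomains yield nil.
def account_for(host)
  ACCOUNTS.find { |a| a.subdomain == host.split(".").first.to_s.downcase }
end

# Unscoped: every user is a candidate, so valid credentials are accepted
# on any account's subdomain.
def login_unscoped(_account, login, password)
  user = USERS.find { |u| u.login == login }
  user if user && secure_equal?(user.digest, digest(password, user.salt))
end

# Scoped: only users belonging to the resolved account are candidates.
def login_scoped(account, login, password)
  return nil if account.nil?
  user = USERS.find { |u| u.account_id == account.id && u.login == login }
  user if user && secure_equal?(user.digest, digest(password, user.salt))
end

# A persisted session has to be checked against the account on every
# request too, or a session created on one subdomain is honoured on another.
def session_user(account, session_user_id)
  return nil if account.nil?
  USERS.find { |u| u.id == session_user_id && u.account_id == account.id }
end
```

In the Rails application, the counterpart of `session_user` is looking up the existing session through the same association, `@current_account.user_sessions.find`, rather than calling `UserSession.find` directly.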