Echographia

making things better, making better things

Saturday, May 23, 2009

Why I switched from acts_as_authenticated to Clearance, and why I didn’t need to

What happened, see, was that I finally started using my aforementioned old Rails app in earnest, and when I did, I discovered that… I couldn’t log out. I didn’t actually need to log out, but it bugged me. I dug around a little. I could log out in development mode, but not production mode. The logout method thought it was working, but when the next page loaded I was still logged in. Something to do with sessions and cookies.

Something down in the depths of the authentication system, and I thought, well, I could try to debug this ancient plugin that I didn’t write, and that has probably never been updated to newer versions of Rails… or I could try out one of those new systems I’ve been reading about. That have documentation, and support, and Rails 2.3 compatibility. How hard could it be?

Three days hard.

Some of that time was spent reading blogs and watching YouTube, of course, but a lot of it was lost in debugging thickets. Mostly I was fighting with my aging codebase – updating the Spatial Adapter for Rails, rewriting old integration tests with Cucumber rather than making them work with Shoulda and Clearance, and updating an old workaround for a Rails deficiency (still deficient, AFAICT). I didn’t write most of that up in the blog post, because it seemed vanishingly irrelevant.

But I finally got it done, pushed it to production, and… I still couldn’t log in.

Turns out it’s a known issue. There’s a tiny incompatibility between Passenger 2.0 (which is installed on DreamHost) and Rails 2.3 (which is not, but I’m using my own copy), which… I guess… prevents session cookies from being properly updated? The apparent fix was to munge Clearance’s authentication.rb, appending this line to the forget method:

        headers['Set-Cookie'] = ''

… but that looks sufficiently destructive that I don’t think it should be used in all cases.

In any case, I’m pretty sure I could’ve used the same workaround with acts_as_authenticated, in a fraction of the time. It was good to get some more experience with Cucumber, and I definitely like Clearance better than acts_as_authenticated (engines FTW!), but I wish I had those three days back.

posted by erik at 4:02 pm  

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress