Sessions & User Authentication in Padrino

Question

I'm very new to Padrino (I come from a PHP background), and ruby web frameworks in general, and have been trying to figure out how to implement a simple user authentication and session management system, but have not really found much documentation on the subject. I know that padrino comes with a pre-built "Admin" package that includes user login/authentication, ect, however I'd rather roll my own from scratch, rather than trying to customize their solution to fit my own needs.

So my question is, in Padrino how would I go about implementing a simple session-based authentication system for logging in users by setting session data once a user/pass combo has been validated against the database, retrieving that session data to check if the user is logged in when a request is made to protect certain pages/resources, use the session data to get the user's ID/role/ect, and then destroy that session when user logs out. As a PHP programmer I'm used to using the $_SESSION superglobal for this purpose, is there something akin to this in padrino/ruby? I noticed there is a enable :sessions in app.rb, is :sessions the pardrino equivalent?

Answer 1

Yup,

session[:cart] = cart_id
Cart.find(session[:cart].to_i) if session[:cart].present?

For authentication purposes you can avoid padrino-admin and builtin auth using a more more simple way:

# in app.rb
use Rack::Auth::Basic, 'Restricted Area' do |username, password|
  user == 'admin' and password == 'pwd'
end

If you need to control a bit more your sessions/cookies you can use:

set :sessions,
  :key          => '__awesome_key',
  :secret       => 'awesome_password',
  :expire_after => 1.year