问题
I'm using Ember Simple Auth Devise v 0.6.4 in an Ember-cli app.
I can log in fine but when I refresh the page the session is lost. (Tested in Firefox and Chrome.)
Right after logging in, inspecting the localStorage shows the session and after refreshing localStorage is empty.
Here's what's in the local storage when I sign in:
回答1:
The problem is that you have neither user_token nor user_email in the session which are required for the session to be authenticated. So as soon as you reload the page the authenticator's restore method rejects the session. Also without user_token and user_email the authorizer is not going to actually authorize any requests.
You'll need to change your server side devise setup as described here.
回答2:
I have run into the same issue with simple-auth-devise.
The problem was that inconfig/environment.js the identificationAttributeName was overridden.
ENV['simple-auth-devise'] = {
identificationAttributeName: 'email'
};
By doing so, it no longer matched the data returned by Users::SessionsController on successful authentication, taken from the ember-simple-auth-devise Readme:
data = {
token: user.authentication_token,
user_email: user.email
}
The attribute names must match, so the solution is to use the identificationAttributeName in the JSON returned by the controller:
data = {
token: user.authentication_token,
email: user.email
}
Like marcoow pointed out, it is all in the implementation of the Devise authorizer restore() method.
回答3:
I'm experiencing the same issue, e.g. my session is getting nuked on refresh.
This is undesired behavior, and for me at least doesn't appear to have anything to do with server side devise setup.
No requests are being sent to the server, it's just a matter of keeping the session alive by using the cookies which should be checked first.
回答4:
I had this issue as well. It turns out that the restore method in the authenticator did not take into account the resource name.
In particular, changing the line indicated here: https://github.com/simplabs/ember-simple-auth/blob/master/packages/ember-simple-auth-devise/lib/simple-auth-devise/authenticators/devise.js#L95
as follows:
if (!Ember.isEmpty(propertiesObject.get(_this.resourceName)[_this.tokenAttributeName]) && !Ember.isEmpty(propertiesObject.get(_this.resourceName)[_this.identificationAttributeName])) {
solved the problem.
Note that my local storage looked like:
{"secure":{"authenticator":"simple-auth-authenticator:devise","user":{"id":1,"email":"test@gmail.com","created_at":"2015-07-20T22:30:47.966Z","updated_at":"2015-07-23T17:45:41.874Z","authentication_token":"7Uv6LysQ2h3x-P4WUMmU","token":"7Uv6LysQ2h3x-P4WUMmU"}}}
As a result, this required the additional changes in the config/environment.js
ENV['simple-auth-devise'] = {
identificationAttributeName: 'email',
resourceName: 'user',
tokenAttributeName: 'authentication_token',
crossOriginWhitelist: ['*']
};
Changing bower_components/ember-simple-auth/simple-auth-devise.amd.js is what allowed me to see that this indeed was my problem.
来源:https://stackoverflow.com/questions/25215010/ember-simple-auth-session-lost-on-refresh