Sarav's Weblog

Technical Articles for RoR Developers

Rails 3 – AuthLogic implementation – A basic tutorial

Last week I had a chance to implement authlogic for one of my projects. Initially I planned to go with Devise – Flexible authentication solution for Rails. It is easy to plug and play. But I had a different intent/requirement, so I went with authlogic.

This tutorial explains an Authlogic implementation with Rails 3. I’m just going to go over the basic commands/files that you need to get the framework up and working. Please refer to this link “” for in-depth information. Reading required :) I believe you have already installed Rails 3 and the other required gems. Here we go.

Auth Logic Basic Set up – Installation and configuration
Install authlogic gem

$ [sudo] gem install authlogic

create new application

$rails new auth_logic_implementation

Include the gem in the gem file #Gemfile

gem "authlogic"

database connectivity
I’ve used “mysql” for database connectivity. Change the database settings based on your mysql settings.

adapter: mysql
database: auth_logic_development
username: root
password: root

create database – run the following command

$rake db:create

Working with Models
create user and user_session models.

$rails g model user_session
$rails g model user

The user session model takes care of the user sessions. To achieve this, the user_session model has to inherit from Authlogic (i.e. Authlogic::Session::Base instead of ActiveRecord::Base).

class UserSession < Authlogic::Session::Base
end

Then, in the user model, you have to tell Authlogic that it's the model that you want to use for logging in and out.

class User < ActiveRecord::Base
  acts_as_authentic do |c|
  end # block optional
end

and then update the migration files

class CreateUserSessions < ActiveRecord::Migration
  def change
    create_table :user_sessions do |t|
      t.string :session_id, :null => false
      t.text :data
      t.timestamps # provides the updated_at column indexed below
    end

    add_index :user_sessions, :session_id
    add_index :user_sessions, :updated_at
  end
end



class CreateUsers < ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string    :name,                :null => false, :default => ''
      t.string    :login,               :null => false
      t.string    :crypted_password,    :null => false
      t.string    :password_salt,       :null => false
      t.string    :email,               :null => false
      t.string    :persistence_token,   :null => false
      t.string    :single_access_token, :null => false
      t.string    :perishable_token,    :null => false

      # "Magic" columns that Authlogic maintains automatically when present
      t.integer   :login_count,         :null => false, :default => 0
      t.integer   :failed_login_count,  :null => false, :default => 0
      t.datetime  :last_request_at
      t.datetime  :current_login_at
      t.datetime  :last_login_at
      t.string    :current_login_ip
      t.string    :last_login_ip

      t.timestamps
    end
  end
end

Make sure you have a model that you will be authenticating with. Since we are using the User model it should look something like:

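class User < ActiveRecord::Base
  # Only the form fields may be mass-assigned; without this, Rails 3.2 raises
  # "Can't mass-assign protected attributes" on registration.
  attr_accessible :name, :email, :password, :password_confirmation

  acts_as_authentic do |c|
    c.login_field = 'email'
  end # block optional
end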

Do the migration

$rake db:migrate

Application controller and helper methods

class ApplicationController < ActionController::Base

  #filter_parameter_logging :password, :password_confirmation # there are underscores :-|
  # (Rails 3 replaced this call with config.filter_parameters in
  #  config/application.rb, e.g. config.filter_parameters += [:password])

  helper_method :current_user_session, :current_user

  private

    # Memoized lookup of the Authlogic session for the current request
    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end

    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.user
    end

    def require_user
      logger.debug "ApplicationController::require_user"
      unless current_user
        flash[:notice] = "You must be logged in to access this page"
        redirect_to new_user_session_url
        return false
      end
    end

    # Note: in Rails 3 a filter halts the request only by rendering or
    # redirecting; with the redirect commented out this filter does not block.
    def require_no_user
      logger.debug "ApplicationController::require_no_user"
      if current_user
        flash[:notice] = "You must be logged out to access this page"
        # redirect_to home_index_path
        return false
      end
    end

    def store_location
      #session[:return_to] = request.request_uri
    end

    def redirect_back_or_default(default)
      redirect_to(session[:return_to] || default)
      session[:return_to] = nil
    end
end

user_sessions controller, view, and routes


$ rails g controller user_sessions

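class UserSessionsController < ApplicationController
  before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user, :only => :destroy

  def new
    @user_session = UserSession.new
  end

  def create
    # Saving a UserSession attempts the login with the submitted credentials
    @user_session = UserSession.new(params[:user_session])
    if @user_session.save
      flash[:notice] = "Login successful!"
      redirect_back_or_default account_url(@current_user)
    else
      render :action => :new
    end
  end

  def destroy
    # Destroying the session logs the user out
    current_user_session.destroy
    flash[:notice] = "Logout successful!"
    redirect_back_or_default new_user_session_url
  end
end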

# app/views/user_sessions/new.html.erb
<%= form_for @user_session, :as => :user_session, :url => { :action => "create" } do |f| %>
   <%= render "shared/error_messages", :target => @user_session %>
  <%= f.label :email %><br />
  <%= f.text_field :email %><br />
  <br />
  <%= f.label :password %><br />
  <%= f.password_field :password %><br />
  <br />
  <%= f.check_box :remember_me %><%= f.label :remember_me %><br />
  <br />
  <%= f.submit "Login" %>
<% end %>

Users and User Registration

$ rails g controller users

class UsersController < ApplicationController
  before_filter :require_user, :only => [:show, :edit, :update]

  def new
    @user = User.new
  end

  def create
    @user = User.new(params[:user])

    # Saving without session maintenance to skip
    # auto-login which can't happen here because
    # the User has not yet been activated
    if @user.save_without_session_maintenance
      flash[:notice] = "Your account has been created."
      redirect_to signup_url
    else
      flash[:notice] = "There was a problem creating you."
      render :action => :new
    end
  end

  def show
    @user = current_user
  end

  def edit
    @user = current_user
  end

  def update
    @user = current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
    else
      render :action => :edit
    end
  end
end
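
The update action above hands params[:user] to the model as submitted, while the users table also holds columns that only the server should write (the tokens and login counters). The following is an added example, not code from the original post or from Authlogic: plain Ruby with a hypothetical filter_user_params helper and constructed sample input, showing the allow-list behaviour that attr_accessible gives the User model in Rails 3.

```ruby
# Added example (plain Ruby, no Rails needed). filter_user_params is a
# hypothetical helper that mimics what attr_accessible does for User.

# The only fields the forms in this tutorial submit for a user.
ACCESSIBLE_USER_FIELDS = %w[name email password password_confirmation].freeze

class ProtectedAttributeError < StandardError; end

# Splits a params hash into [accepted, rejected_keys] using an allow-list.
# strict: true raises instead of silently dropping, like the error Rails
# reports when a protected attribute is mass-assigned.
def filter_user_params(params, allowed = ACCESSIBLE_USER_FIELDS, strict: false)
  normalized = {}
  params.each { |key, value| normalized[key.to_s] = value } # symbols or strings
  rejected = normalized.keys - allowed
  if strict && !rejected.empty?
    raise ProtectedAttributeError,
          "Can't mass-assign protected attributes: #{rejected.join(', ')}"
  end
  accepted = normalized.select { |key, _| allowed.include?(key) }
  [accepted, rejected]
end

# Constructed sample request: the four form fields plus two columns from the
# users migration that must only ever be written by the server.
SAMPLE_USER_PARAMS = {
  "name" => "Alice",
  :email => "alice@example.test",
  "password" => "correct horse",
  "password_confirmation" => "correct horse",
  "login_count" => "500",
  "persistence_token" => "client-supplied"
}.freeze

if __FILE__ == $PROGRAM_NAME
  accepted, rejected = filter_user_params(SAMPLE_USER_PARAMS)
  puts "accepted: #{accepted.keys.join(', ')}"
  puts "rejected: #{rejected.join(', ')}"
end
```

In the Rails app itself the same allow-list is declared once on the model with attr_accessible, so every User.new and update_attributes call is covered.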




# app/views/users/_form.html.erb
<%= render "shared/error_messages", :target => @user %>

<%= form.label :name %><br />
<%= form.text_field :name %>
<%= form.label :email %><br />
<%= form.text_field :email %>
<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
<%= form.password_field :password %>
<%= form.label :password_confirmation %><br />
<%= form.password_field :password_confirmation %>


# app/views/users/new.html.erb
<%= form_for @user do |f| %>
<%= render :partial => "form", :object => f, :locals => { :user => @user } %>
<%= f.submit "Register" %>
<% end %>

# app/views/users/show.html.erb
<%=h %>

<b>Login count:</b>
<%=h @user.login_count %>

<b>Last request at:</b>
<%=h @user.last_request_at %>

<b>Last login at:</b>
<%=h @user.last_login_at %>

<b>Current login at:</b>
<%=h @user.current_login_at %>

<b>Last login ip:</b>
<%=h @user.last_login_ip %>

<b>Current login ip:</b>
<%=h @user.current_login_ip %>

<%= link_to 'Edit Account', edit_account_path %>

# app/views/shared/_error_messages.html.erb
<% if target.errors.any? %>
<div id="errorExplanation">
<h2><%= pluralize(target.errors.count, "error") %> prohibited this record from being saved:</h2>
<ul>
<% target.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>


  # config/routes.rb
  resources :user_sessions

  match 'login' => "user_sessions#new",      :as => :login
  match 'logout' => "user_sessions#destroy", :as => :logout

  resources :users  # gives us the normal resource routes for users
  resource :user, :as => 'account'  # a convenience route

  match 'signup' => 'users#new', :as => :signup

  root :to => 'users#new'

$rake routes

    user_sessions GET    /user_sessions(.:format)          {:controller=>"user_sessions", :action=>"index"}
                  POST   /user_sessions(.:format)          {:controller=>"user_sessions", :action=>"create"}
 new_user_session GET    /user_sessions/new(.:format)      {:controller=>"user_sessions", :action=>"new"}
edit_user_session GET    /user_sessions/:id/edit(.:format) {:controller=>"user_sessions", :action=>"edit"}
     user_session GET    /user_sessions/:id(.:format)      {:controller=>"user_sessions", :action=>"show"}
                  PUT    /user_sessions/:id(.:format)      {:controller=>"user_sessions", :action=>"update"}
                  DELETE /user_sessions/:id(.:format)      {:controller=>"user_sessions", :action=>"destroy"}
            login        /login(.:format)                  {:controller=>"user_sessions", :action=>"new"}
           logout        /logout(.:format)                 {:controller=>"user_sessions", :action=>"destroy"}
            users GET    /users(.:format)                  {:controller=>"users", :action=>"index"}
                  POST   /users(.:format)                  {:controller=>"users", :action=>"create"}
         new_user GET    /users/new(.:format)              {:controller=>"users", :action=>"new"}
        edit_user GET    /users/:id/edit(.:format)         {:controller=>"users", :action=>"edit"}
             user GET    /users/:id(.:format)              {:controller=>"users", :action=>"show"}
                  PUT    /users/:id(.:format)              {:controller=>"users", :action=>"update"}
                  DELETE /users/:id(.:format)              {:controller=>"users", :action=>"destroy"}
          account POST   /user(.:format)                   {:controller=>"users", :action=>"create"}
      new_account GET    /user/new(.:format)               {:controller=>"users", :action=>"new"}
     edit_account GET    /user/edit(.:format)              {:controller=>"users", :action=>"edit"}
                  GET    /user(.:format)                   {:controller=>"users", :action=>"show"}
                  PUT    /user(.:format)                   {:controller=>"users", :action=>"update"}
                  DELETE /user(.:format)                   {:controller=>"users", :action=>"destroy"}
           signup        /signup(.:format)                 {:controller=>"users", :action=>"new"}
             root        /                                 {:controller=>"users", :action=>"new"}

Start the application

$ rails server

Visit http://localhost:3000 – default root path set to signup. Otherwise you can hit /signup to register an account! Then log out by going to /logout, and try logging back in at /login.

Note: Don't forget to delete public/index.html

The majority of the content was taken from the Authlogic tutorial on github.
and thanks to


11 responses to “Rails 3 – AuthLogic implementation – A basic tutorial”

  1. fschwiet June 30, 2012 at 3:49 am

    within CreateUserSessions , should that be “add_index :user_sessions, :session_id” instead of “add_index :sessions, :session_id”?

  2. altaf hussain September 8, 2012 at 1:18 am

    Even I encountered the same problem while doing db:migrate. When I changed that to “add_index :user_sessions, :session_id” it worked. It expects a table name as the first argument to add_index method.

  3. Saravanan K September 10, 2012 at 4:00 pm

    @fschwiet and @altaf hussain – Thanks for your inputs. It has been noted and updated.

  4. imikay October 9, 2012 at 7:57 pm

    You lack an edit.html.erb template in your code.

  5. Nathan Sire December 8, 2012 at 12:16 am

    /var/www/rails/myapp/app/controllers/users_controller.rb:1: syntax error, unexpected tIDENTIFIER, expecting ‘;’ or ‘\n’
    …re_filter :require_user, :only => [:show, :edit, :update]

  6. Ryan January 5, 2013 at 7:16 am

    I encountered an error. You will get this “Can’t mass-assign protected attributes: name, email, password, password_confirmation” when you try to register and did not set these fields in User model.

    I hope this helps

  7. Arel Em May 30, 2013 at 9:40 am

    Can’t mass assign is a permissions problem, for Rails 3 it’s lacking attr_accessible in a model and for Rails 4 it’s missing the params.require addition in a controller.
    All in all—- Too many errors.
    It does not translate at all to Rails 4 and that’s a great pity. This tutorial has great potential.

    99.5 percent of tutorials are light years out of date and damage the learning curve of those who desperately want to learn Rails. I would say that a main reason for low Rails conversion from other systems is antique, inaccurate tutorials.

    All indications are: update to Ruby2 and Rails 4 as soon as possible.
    Would it be possible to update this whole tut to Rails 4 because learners will go to the new systems not prehistoric versions.

  8. Anonymous June 19, 2013 at 3:18 pm

    missing in the UserSessionsController “< ApplicationController"

  9. ale February 5, 2014 at 9:40 pm

    Does not work! Too many errors, I wasted 3 hours, it’s better to make it work from scratch!

  10. gaurav May 9, 2015 at 5:03 pm

    unable to save the user……..I have all the params in console it says rollback
