
Login and logout flow in Ruby on Rails - Practice Problems & Coding Challenges

Challenge - 5 Problems
Component behavior
intermediate
What happens after a successful login in a Rails app?

Consider a typical Rails login controller action that authenticates a user and sets a session. What is the expected behavior immediately after a successful login?

Ruby on Rails
def create
  user = User.find_by(email: params[:email])
  if user&.authenticate(params[:password])
    session[:user_id] = user.id
    redirect_to dashboard_path
  else
    flash.now[:alert] = "Invalid email or password"
    render :new
  end
end
A. The user ID is stored in the session and the browser is redirected to the dashboard page.
B. The user ID is stored in a cookie and the login form is re-rendered.
C. The user ID is stored in a global variable and the user is redirected to the login page.
D. The user ID is stored in the session and the login form is re-rendered with an error.
💡 Hint

Think about what happens when login is successful: where is the user ID stored and what does the app do next?

State output
intermediate
What is the session state after logout?

Given this logout action in a Rails controller, what will be the state of session[:user_id] after it runs?

Ruby on Rails
def destroy
  session.delete(:user_id)
  redirect_to root_path
end
A. session[:user_id] will be set to false.
B. session[:user_id] will be nil or undefined.
C. session[:user_id] will still hold the user ID.
D. session[:user_id] will raise an error if accessed.
💡 Hint

Deleting a key from the session removes it. What does that mean when you try to read it later?

📝 Syntax
advanced
Identify the syntax error in this login method

Which option contains the correct syntax for authenticating a user in Rails?

Ruby on Rails
def login
  user = User.find_by(email: params[:email])
  if user.authenticate(params[:password])
    session[:user_id] = user.id
    redirect_to root_path
  else
    render :new
  end
end
A. if user.authenticate(params[:password])
B. if user | user.authenticate(params[:password])
C. if user && user.authenticate(params[:password])
D. if user&.authenticate(params[:password])
💡 Hint

Consider what happens if user is nil. How can you safely call authenticate?

🔧 Debug
advanced
Why does this logout action fail to clear the session?

Given this logout method, why does the user remain logged in after logout?

Ruby on Rails
def logout
  session[:user_id] == nil
  redirect_to root_path
end
A. Because redirect_to must come before session changes.
B. Because session.clear is required to clear the session.
C. Because session[:user_id] == nil is a comparison, not an assignment.
D. Because the session key must be set to false, not nil.
💡 Hint

Look carefully at the line that tries to clear the session key. Is it doing what you expect?

🧠 Conceptual
expert
What is the main security benefit of resetting the session on logout?

In Rails, calling reset_session during logout is recommended. Why is this important?

A. It prevents session fixation attacks by generating a new session ID.
B. It logs the user out from all devices automatically.
C. It encrypts the session data to protect user information.
D. It speeds up the logout process by clearing cookies faster.
💡 Hint

Think about what happens if an attacker steals a session ID before logout.