how to access user id from cookie using javascript: Rails, Devise, Page Caching

Question

I have various image galleries for different users. For the most part the complete page may be cached. However I also want the following features:

1. If a user is logged in and visiting his own gallery, then the user can see an "x" delete link overlaying each image.

2. If a user is logged in and on someone else's gallery, then they can see overlays "thumb up", "thumb down" voting for each image.

3. If a user is NOT logged in, they can see the overlays for voting, however clicking on them will pop-up a login dialog.

The approach I have come up with is this:

• In the server side erb template I will always generate the voting links and delete links regardless of login status, but I will have them hidden with css by default.
• I will then reveal them using js depending on the user's login status.

The question is... what is the best way of determining the user's login status on a cached page? Can I use cookies over cached pages?

Would it work if I had a piece of javascript on the cached page that checked for a cookie value similar to this:

  if ($.cookie("user_id") == 23) { //if user is owner of this gallery...
     //reveal delete links, hide voting links
  }

I hate to build something special to set that cookie... there should already exist some type of DEVISE cookie right? How do I access it?

Answer 1

Use $.cookie("user_id") to set the cookie, use $.cookie("user_id", "23") to set a cookie. You should beware of unauthenticated abuse, though: Every credential-less request that requires authentication should be rejected, or the purpose of logging in will be defeated.

If you want to check for the available cookies on your website, use this bookmarklet:

javascript:alert(document.cookie)