A Gotcha: Authlogic's allow_http_basic_auth (and configuration methods ending with =)
So, if you have ever implemented simple authentication into your Rails application, you’ve probably used or considered using Authlogic, a very popular Rails gem.
If you have experienced frustration with configuring Authlogic::Session::Base, in particular using the allow_http_basic_auth= method to disable logging in with basic authentication credentials, here’s a little bit of help.
(As an aside, if you do not disable this and your application is behind basic auth, Authlogic will always defer to your basic authentication for logging in, and not allow you to create an authenticated session using non-basic auth, i.e., the entire reason you installed Authlogic in the first place.)
Instead of writing “allow_http_basic_auth = false” with no receiver in your session class, use “allow_http_basic_auth false” or “self.allow_http_basic_auth = false”.
The reason why this occurs is fairly straightforward and has to do with Variable/Method ambiguity within Ruby. Simply put, when your Ruby interpreter sees “allow_http_basic_auth=”, it tries to guess if “allow_http_basic_auth” is:
- a local variable or
- a method call.
Since (usually) there is no method preceding the statement with the name “allow_http_basic_auth”, and no explicit receiver is set, and it could be an assignment statement (this part is key), Ruby treats “allow_http_basic_auth” as a local variable and evaluates it as an assignment statement. This means that “allow_http_basic_auth=” (the method) does not get called, and no error is raised to tell you so, which can lead to a lot of frustration.
So use either “self.allow_http_basic_auth=” or “allow_http_basic_auth” instead. In general, it is probably a good idea to avoid designing class methods that use the “property=” form because of this ambiguity. If you find yourself having to use a class method with that form in another library, always make the receiver explicit (in the form of self.method= or otherwise)!
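The three spellings side by side, as an added example that is not code from the original post or from Authlogic: `FakeSessionBase` is a constructed stand-in that only mimics the two configuration styles mentioned above, and its default of `true` is an assumption matching the behaviour the post describes. The `basic_auth_still_enabled` helper is hypothetical and shows the kind of check a test suite can run so the silent no-op does not go unnoticed.

```ruby
# Constructed stand-in for a session base class; NOT Authlogic's source.
class FakeSessionBase
  class << self
    # `allow_http_basic_auth false` writes; a bare `allow_http_basic_auth` reads.
    # Default of true is an assumption matching the behaviour the post describes.
    def allow_http_basic_auth(value = nil)
      @allow_http_basic_auth = value unless value.nil?
      return @allow_http_basic_auth if instance_variable_defined?(:@allow_http_basic_auth)
      superclass.respond_to?(:allow_http_basic_auth) ? superclass.allow_http_basic_auth : true
    end

    def allow_http_basic_auth=(value)
      allow_http_basic_auth(value)
    end
  end
end

class BrokenSession < FakeSessionBase
  allow_http_basic_auth = false          # parsed as a local variable assignment
  LOCALS_IN_CLASS_BODY = local_variables # the setter was never invoked
end

class ExplicitReceiverSession < FakeSessionBase
  self.allow_http_basic_auth = false     # explicit receiver: setter is called
end

class ArgumentFormSession < FakeSessionBase
  allow_http_basic_auth false            # no `=`: unambiguous method call
end

# Hypothetical guard for a test suite: names of session classes that still
# accept HTTP basic auth credentials.
def basic_auth_still_enabled(*session_classes)
  session_classes.select(&:allow_http_basic_auth).map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  p BrokenSession::LOCALS_IN_CLASS_BODY
  p basic_auth_still_enabled(BrokenSession, ExplicitReceiverSession, ArgumentFormSession)
end
```

Running Ruby with `-w` also flags the broken form with an "assigned but unused variable" warning, which is a cheap way to catch it in CI.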