Working With Rails

I don’t know any built-in way to control sessions timeouts, but i think it’s not hard do implement.
I think you can mantain a new value in your session hash, like session[:login_time] and create a “before filter” in ApplicationController that checks if Time.now – session[:login_time] <= time_you_wat_the_session_to_expire.
If this time is greater than what you want, you can redirect user to the login form.

The PragProg Rails Recipes book has a cool way of doing it. Here’s the jist:

Use a controller filter to update a session[:expires_at] with a future time you want, updating this each time an action is taken on the site. Use periodically_call_remote to call a method that checks this value. When the time has elapsed destroy the session and render the login page. Their example also notes that you can react ahead of time and update the screen with a timeout warning message as well.

I haven’t tried it myself but it sounds pretty good.

My session code works a lot like Clemens has described. Here it is for simple perusal:

class ApplicationController < ActionController::Base
  before_filter :prepare_session
  def prepare_session

     if !session[:expiry_time].nil? and session[:expiry_time] < Time.now
        reset_session
     end

     session[:expiry_time] = (60 * 15).seconds.from_now
     return true
  end
end

I rather do like the proactive ajax check approach Raul is mentioning though. It is definitely something you will have to play with to see which approach best suits your needs.

In Michael’s code :

• You should be using prepend_before_filter for things like this as a rule of thumb
• ‘return true’ is not needed and won’t have any effect.

Thanks :)

Raul idea is good.

it helps a lot for me …....

Thank You,
Uma.