Managing automatic logout.
6 Posts

Hi All,

Before I delve into the wonderful world of background macros, etc., I was curious as to whether anyone had suggestions for managing automatic logouts.

For instance, if I have users logged in for more than an hour without performing any tasks, I'd like to log them out. I'm currently using 'restful_authentication' to handle my users, so it'd be nice if I could "integrate" a solution to use that (although I'm sure integration wouldn't be hard).

Anyway, I'm all ears -- or eyes as the case may be.

Thanks, Michael

I don't know any built-in way to control session timeouts, but I think it's not hard to implement. I think you can maintain a new value in your session hash, like session[:login_time], and create a "before filter" in ApplicationController that checks if Time.now - session[:login_time] <= time_you_want_the_session_to_expire. If this time is greater than what you want, you can redirect the user to the login form.

The PragProg "Rails Recipes":http://www.pragprog.com/titles/fr_rr/rails-recipes book has a cool way of doing it. Here's the gist:

Use a controller filter to update a session[:expires_at] with a future time you want, updating this each time an action is taken on the site. Use periodically_call_remote to call a method that checks this value. When the time has elapsed, destroy the session and render the login page. Their example also notes that you can react ahead of time and update the screen with a timeout warning message as well.

I haven't tried it myself but it sounds pretty good.

My session code works a lot like Clemens has described. Here it is for simple perusal:

class ApplicationController < ActionController::Base
  before_filter :prepare_session

  # Reset the session if its idle deadline has passed, then push the
  # deadline 15 minutes into the future on every request.
  def prepare_session
    if !session[:expiry_time].nil? and session[:expiry_time] < Time.now
      reset_session
    end

    session[:expiry_time] = (60 * 15).seconds.from_now
    return true
  end
end

I rather do like the proactive ajax check approach Raul is mentioning though. It is definitely something you will have to play with to see which approach best suits your needs.
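
The filter-plus-polling approach from the posts above, as an added example in plain Ruby (not code from the thread or from Rails Recipes). It shows why the polling action has to be excluded from the filter that refreshes the expiry: otherwise the poll itself keeps an idle session alive. SessionGuard, idle_hour and the :poll action name are hypothetical, and a plain Hash stands in for the Rails session.

```ruby
IDLE_LIMIT = 15 * 60 # seconds; same window as the code posted above

# Hypothetical stand-in for the before filter, operating on a plain Hash.
class SessionGuard
  def initialize(session, passive_actions: [:poll])
    @session = session
    @passive = passive_actions
  end

  # `now` is passed in so the run is deterministic.
  def check(action, now)
    expires_at = @session[:expires_at]
    if expires_at && expires_at <= now
      @session.clear # stand-in for reset_session
      return :expired
    end
    # Only real user activity extends the idle window.
    @session[:expires_at] = now + IDLE_LIMIT unless @passive.include?(action)
    :ok
  end
end

# Constructed scenario: one real request at t=0, then the browser polls
# every 60 s for an hour while the user is idle. Returns the second at
# which the session expired, or nil if it never did.
def idle_hour(passive_actions)
  t0 = Time.at(0)
  session = { user_id: 42 }
  guard = SessionGuard.new(session, passive_actions: passive_actions)
  guard.check(:show, t0)
  (60..3600).step(60) do |s|
    return s if guard.check(:poll, t0 + s) == :expired
  end
  nil
end

if __FILE__ == $0
  puts "poll excluded from refresh: expired at #{idle_hour([:poll]).inspect}s"
  puts "poll refreshes the window:  expired at #{idle_hour([]).inspect}s"
end
```

In a Rails controller the same effect comes from skipping the refreshing filter for the action that periodically_call_remote hits, while still running the expiry check there.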

In Michael's code:

  • You should be using prepend_before_filter for things like this as a rule of thumb
  • 'return true' is not needed and won't have any effect.

Thanks :)

Raul's idea is good.

It helps a lot for me.

Thank You, Uma.
