Before I delve into the wonderful world of background macros, etc., I was curious as to whether anyone had suggestions for managing automatic logouts.
For instance, if I have users logged in for more than an hour without performing any tasks, I'd like to log them out. I'm currently using 'restful_authentication' to handle my users, so it'd be nice if I could "integrate" a solution to use that (although I'm sure integration wouldn't be hard).
Anyway, I'm all ears -- or eyes as the case may be.
I don't know any built-in way to control sessions timeouts, but i think it's not hard do implement. I think you can mantain a new value in your session hash, like session[:login_time] and create a "before filter" in ApplicationController that checks if Time.now - session[:login_time] <= time_you_wat_the_session_to_expire. If this time is greater than what you want, you can redirect user to the login form.
The PragProg "Rails Recipes":http://www.pragprog.com/titles/fr_rr/rails-recipes book has a cool way of doing it. Here's the jist:
Use a controller filter to update a session[:expires_at] with a future time you want, updating this each time an action is taken on the site. Use periodically_call_remote to call a method that checks this value. When the time has elapsed destroy the session and render the login page. Their example also notes that you can react ahead of time and update the screen with a timeout warning message as well.
I haven't tried it myself but it sounds pretty good.
My session code works a lot like Clemens has described. Here it is for simple perusal:
class ApplicationController < ActionController::Base before_filter :prepare_session def prepare_session if !session[:expiry_time].nil? and session[:expiry_time] < Time.now reset_session end session[:expiry_time] = (60 * 15).seconds.from_now return true end end
I rather do like the proactive ajax check approach Raul is mentioning though. It is definitely something you will have to play with to see which approach best suits your needs.
In Michael's code :
- You should be using prepend_before_filter for things like this as a rule of thumb
- 'return true' is not needed and won't have any effect.