Setting a Session Timeout in Rails 3

It seems simple: I'm trying to set up an Active Record session on Rails for a timeout after 2 minutes. So in two minutes, I want my users to have to log in again.

I just run rails server (i.e. WEBrick) on my local dev machine.

I know that this is due to the following code in config/initializers/session_store.rb, but I don't think I nailed it:

    CodedOn::Application.config.session_store :active_record_store

    CodedOn::Application.configure do
      config.action_controller.session = {:expire_after => 2.minutes}
    end

This does not work, or at least my session does not appear while waiting. I can't learn much about the way Rails 3 does this, as I know things have changed with Rails 2.x.

Can someone help me?

+45
ruby-on-rails activerecord ruby-on-rails-3 session
May 02 '11 at 18:35
6 answers

I think you will have to do this manually, since the expire_after option is not used in the active record store. Therefore, as part of your (I assume) before filter, you should do this:

    def authenticate
      if session[:logged_in]
        # Drop the session if the last request was more than 2 minutes ago.
        reset_session if session[:last_seen] < 2.minutes.ago
        session[:last_seen] = Time.now
      else
        # ... authenticate
        session[:last_seen] = Time.now
      end
    end

Obviously, this is not complete, but this should give you the basic idea.

UPDATE

Functionality seems to be present in Rails since version 2.3. I found the appropriate code here. This is AbstractStore, which should serve as the base class for all derivatives. So, as dadooda suggests, the following should work:

    Some::Application.config.session_store :active_record_store, {
      expire_after: 24.hours,
    }

+46
May 2 '11 at 18:40

I did it in a simple way, you can try the following:

In your config/initializers/session_store.rb just do the following:

    Yourapp::Application.config.session_store :cookie_store,
      :key => "_yourapp_session",
      :expire_after => 2.minutes

It works for me for sure, hope it works for you too.

+35
Aug 18 '12 at 6:30

You need to do it manually. Here is an example of creating a class method for ActiveRecord sessions. You can use Rufus-Scheduler and/or DelayedJob to call it regularly.

    class Session < ActiveRecord::Base
      def self.sweep(time = 1.hour)
        if time.is_a?(String)
          time = time.split.inject { |count, unit| count.to_i.send(unit) }
        end

        delete_all "updated_at < '#{time.ago.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'"
      end
    end

Additional information on why this is important: http://guides.rubyonrails.org/security.html#session-expiry

+4
Jan 26 '12 at 20:05

mosch says:

I think you will have to do this manually, since the expire_after option is not used in the active record store.

This seems to be no longer the case. :expire_after worked for me in Rails 3.2.11:

    Some::Application.config.session_store :active_record_store, {
      key: "some_session_id",
      domain: ".isp.com",
      expire_after: 24.hours,
    }

The cookie is automatically renewed after each application request. The session is preserved across browser exits.

I did the above trick to "globalize" the session in the domain for a simple single sign-on feature; it seems to work so far.

+4
Jan 12 '13 at 11:54

Expiration time.

    MAX_SESSION_TIME = 60 * 60

    before_filter :prepare_session

    def prepare_session
      if !session[:expiry_time].nil? and session[:expiry_time] < Time.now
        # Session has expired. Clear the current session.
        reset_session
      end

      # Assign a new expiry time, whether the session has expired or not.
      session[:expiry_time] = MAX_SESSION_TIME.seconds.from_now
      return true
    end

+2
May 30 '12 at 6:10
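
The manual checks in the answers above (last_seen, expiry_time) renew a sliding idle window, and the sweep answer adds a created_at cap; the block below combines both limits in plain Ruby. It is an added example, not code from any poster or from Rails: the SessionTimeout module, its key names and the fixed clock in the walk-through are assumptions.

```ruby
# Server-side idle + absolute session timeout, framework-free (added example).
# `session` is any Hash-like store; the SessionTimeout module and its key
# names are assumptions made for this example, not Rails API.
module SessionTimeout
  IDLE_LIMIT     = 2 * 60            # 2 minutes, the idle timeout asked for
  ABSOLUTE_LIMIT = 2 * 24 * 60 * 60  # 2 days, the created_at cap used by sweep

  # Returns :new, :active or :expired. On :expired the store is cleared; in a
  # Rails before_filter this is where reset_session and a redirect would go.
  def self.touch(session, now = Time.now)
    now = now.to_i                   # plain integers survive any serializer
    created = session[:created_at]
    seen    = session[:last_seen]

    # No timestamps yet: stamp the session and start both clocks.
    if created.nil? && seen.nil?
      session[:created_at] = session[:last_seen] = now
      return :new
    end

    # Half-populated or non-integer timestamps fail closed, as do timestamps
    # that lie in the future (clock change or tampering).
    valid = created.is_a?(Integer) && seen.is_a?(Integer)
    valid &&= created <= seen && seen <= now
    if !valid || now - seen > IDLE_LIMIT || now - created > ABSOLUTE_LIMIT
      session.clear
      return :expired
    end

    session[:last_seen] = now        # sliding window: only activity renews it
    :active
  end
end

# Constructed walk-through with a fixed clock.
t0 = Time.at(1_700_000_000)
s  = {}
puts SessionTimeout.touch(s, t0)            # first request
puts SessionTimeout.touch(s, t0 + 90)       # 90 s later
puts SessionTimeout.touch(s, t0 + 90 + 121) # 121 s of inactivity
```

A cookie's expiry time is enforced by the browser, so a timestamp checked on the server, as here, still applies when a client keeps presenting an old cookie.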

Just add the timeout_in method to your model and it should do the trick:

   def timeout_in
     2.minutes
   end

-4
Mar 09 '14 at 19:56


