我正在寻找一个解决方案,允许我定期检查用户会话是否已过期,如果是,则将其重定向到登录页面。
我正在使用Authlogic gem,所以我正在做的是调用一个在current_user上进行测试的函数。
我的USER_SESSION_TIMEOUT是5分钟,所以我每隔5:10分钟进行一次这个ajax调用。
<%= periodically_call_remote :url => {:controller => 'user_session', :action => 'check_session_timed_out'}, :frequency => (USER_SESSION_TIMEOUT + 10.seconds) %>
def check_session_timed_out
if !current_user
flash[:login_notice] = "Your session timed out due to a period of inactivity. Please sign in again."
render :update do |page|
page.redirect_to "/user_sessions/new"
end
else
render :nothing => true
end
end
我注意到每次调用current_user时,用户对象都会更新,因此会话更新为5分钟。
打开一个选项卡时没有问题但是如果每次调用check_session_timed_out时都有2个选项卡,则current_user将更新用户,因此会话永不过期。
任何想法? 感谢
答案 0 :(得分:6)
Authlogic可以为您完成此操作。只需在您的模型中使用:
在用户模型上:
acts_as_authentic do |c|
c.logged_in_timeout(5.minutes)
end
...以及UserSession模型:
self.logout_on_timeout = true
干脆工作! = d
答案 1 :(得分:5)
来自AuthLogic source itself:
# For example, what if you had a javascript function that polled the server
# updating how much time is left in their session before it times out. Obviously
# you would want to ignore this request, because then the user would never
# time out. So you can do something like this in your controller:
def last_request_update_allowed?
action_name != "update_session_time_left"
end
在您的情况下,您可能希望使用操作名称将该方法添加到控制器:
def last_request_update_allowed?
action_name != "check_session_timed_out"
end