Rails 3 + Devise: Logout After Timeout

In my application, I set Devise to session timeout after 30 minutes. Which works great ... the user must log in again after this time. My only problem is that the developer does not seem to use the destroy action in the session controller after the session timed out. Therefore, the :signed_in attribute for the user is not set to false. Thus, even after the session has ended, this user is still displayed as online. Is there a way to destroy a session after a timeout or set the signed_in attribute to false after a certain time and close the browser?

My kill action in the session controller:

def destroy
  current_user.try("signed_in=", false); current_user.save
  signed_in = signed_in?(resource_name)
  sign_out_and_redirect(resource_name)
  set_flash_message :notice, :signed_out if signed_in
end
+3
2 answers

With the new version of Devise, it works as follows in order to have the exact online / offline status:

Put this in your application_controller:

before_filter :last_request

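def last_request
  if user_signed_in?
    # Refresh the timestamp at most once a minute to limit database writes.
    if current_user.last_request_at < 1.minutes.ago
      current_user.update_attribute(:last_request_at, Time.now)
    end
    # Re-mark the user as signed in if the flag was cleared.
    if current_user.currently_signed_in == false
      current_user.update_attribute(:currently_signed_in, true)
    end
  end
end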

With each action, the application checks if the last request was more than 1 minute ago; if so, it updates the user attribute.

Put this in user.rb:

before_save :set_last_request

Warden::Manager.after_authentication do |user,auth,opts|
  user.update_attribute(:currently_signed_in, true)
end

Warden::Manager.before_logout do |user,auth,opts|
  user.update_attribute(:currently_signed_in, false)
end

def set_last_request
  self.last_request_at = Time.now
end

def signed_in?
  if self.currently_signed_in
    # The flag alone is not enough: also check Devise's timeout against the last request.
    if self.timedout?(self.last_request_at.localtime)
      return false
    else
      return true
    end
  else
    false
  end
end

You can use the signed_in? method to determine the status of online users.

+1

I am not an expert at Devise, but I suspect this is due to HTTP statelessness. During development, it is only known that the session is disconnected when the user again tries to access the page after your timeout length, and it most likely will only call the destroy method when the user really logs out and the destroy method is called on the session controller.

, , , , , , destroy ( - ).

+4
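
The point both answers turn on, as an added example that is not part of either post: a stored flag is only updated when a request or an explicit logout reaches the server, so online status has to be derived from the last request time. This is plain Ruby without Rails or Devise; the class, method and constant names are hypothetical and the timeline is constructed.

```ruby
# Added illustration in plain Ruby (no Rails/Devise). All names are hypothetical.
TIMEOUT = 30 * 60 # seconds; mirrors the 30-minute timeout from the question

# Stand-in for the User model: a stored flag plus the time of the last request.
class PresenceRecord
  attr_reader :currently_signed_in, :last_request_at

  def initialize
    @currently_signed_in = false
    @last_request_at = nil
  end

  # Called on login and on every authenticated request.
  def touch!(now)
    @currently_signed_in = true
    @last_request_at = now
  end

  # Called only on an explicit logout; a timeout never triggers this.
  def sign_out!
    @currently_signed_in = false
  end

  # Derived status: the flag is combined with the idle time, never trusted alone.
  def online?(now)
    return false unless @currently_signed_in && @last_request_at
    (now - @last_request_at) < TIMEOUT
  end
end

# Constructed timeline: login at t0, then the browser is closed without logout.
def simulate
  t0 = Time.at(1_700_000_000)
  user = PresenceRecord.new
  user.touch!(t0)
  result = {
    online_after_10_min: user.online?(t0 + 10 * 60),
    online_after_45_min: user.online?(t0 + 45 * 60),
    flag_after_45_min: user.currently_signed_in # stale: no request ever reset it
  }
  user.sign_out!
  result.merge(online_after_logout: user.online?(t0 + 60))
end

p simulate if __FILE__ == $PROGRAM_NAME
```

After 45 idle minutes the stored flag is still true while the derived status is false, which is the mismatch described in the question.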
