Cleanup at session expiration

I’m going to explicitly time out sessions if they’re idle more than X minutes. Like online banking sites do.

How do I set things up so that, when a session expires, a set of database records and a set of files that may have been created (which are identified via a seperate set of database records) are deleted just before the session data?

TIA,

Bill

Assuming you are using 'reset_session' to clean up, why not over-ride the method
in your Controller like

def reset_session
    do_my_clean_up
    super
end

Long

Hi Long,

Long wrote:

Assuming you are using 'reset_session' to clean up,
why not over-ride the method in your Controller like

def reset_session
   do_my_clean_up
   super
end

I am using reset_session as the last action of the manual cleanup (which is what I need to automate). Is that what RoR uses? So if I just set an expiration time on the session, and have the over-ridden 'reset_session' action in my Controller, RoR will call that action? It hadn't occurred to me to just over-ride the method. That's sooooo cool. Rails ROCKS! Thanks!

Bill

Hi Long,

Long wrote:

> Assuming you are using 'reset_session' to clean up,
> why not over-ride the method in your Controller like
>
> def reset_session
> do_my_clean_up
> super
> end

I am using reset_session as the last action of the manual cleanup (which is
what I need to automate). Is that what RoR uses? So if I just set an
expiration time on the session, and have the over-ridden 'reset_session'
action in my Controller, RoR will call that action? It hadn't occurred to
me to just over-ride the method. That's sooooo cool. Rails ROCKS! Thanks!

Hey Bill,

Yes I think that will work. Rails ROCKS for sure but the method over-ride
concept is really fundamental to OO.

Cheers,

Long

Hi Long,

Long wrote:

the method over-ride concept is really
fundamental to OO.

I understand how over-ride works for methods I explicitly call. But that isn't the case here. The use case starts with an abandoned session. I found documentation on how to set the expiration time, how to reset it so the session stays alive, etc. But I couldn't find any documentation or examples on how the expiration process works (i.e., this call, then that, etc.) or of how to hook into it. Do I need to put the over-ridden definition in application.rb? Or will RoR somehow find it whichever Controller it's in? Can you point me to any documentation on how this works? Does Rails keep a list somewhere of all the methods an application over-rides?

Thanks,
Bill

Long wrote:

> the method over-ride concept is really
> fundamental to OO.

I understand how over-ride works for methods I explicitly call. But that
isn't the case here. The use case starts with an abandoned session. I
found documentation on how to set the expiration time, how to reset it so
the session stays alive, etc. But I couldn't find any documentation or
examples on how the expiration process works (i.e., this call, then that,
etc.) or of how to hook into it. Do I need to put the over-ridden
definition in application.rb? Or will RoR somehow find it whichever
Controller it's in? Can you point me to any documentation on how this
works? Does Rails keep a list somewhere of all the methods an application
over-rides?

I will just put my 2cents in with Al's post.

Without over-riding 'reset_session', one can call it from any controller that
is a subclass of ApplicationController (AC). If ALL subclasses of AC requires
the manual clean up then the answer is "Yes, over-ride in AC".

In a previous technology I was accustomed to relying on a "Session Manager"
that runs in a background process and zaps all expired sessions automatically.
It seems we need to manage sessions differently in RoR. Once a session is idle for
an extended period (either abandoned or due to a long coffee break), the only
way (well in most cases) it gets more activity is through access from the
originating browser.

So it makes sense to me to invalidate the session when the client tries to
reconnect and force him/her to a new session, if the current session is
deem expired. For the "truly" abandoned sessions a cron job will have to do.

Long