Cleanup at session expiration

Bill_Walton · August 22, 2006, 3:52pm

I’m going to explicitly time out sessions if they’re idle more than X minutes. Like online banking sites do.

How do I set things up so that, when a session expires, a set of database records and a set of files that may have been created (which are identified via a seperate set of database records) are deleted just before the session data?

TIA,

Bill

Long · August 22, 2006, 6:42pm

Assuming you are using 'reset_session' to clean up, why not over-ride the method in your Controller like

def reset_session do_my_clean_up super end

Long

Bill_Walton · August 22, 2006, 8:30pm

Hi Long,

Long wrote:

Assuming you are using 'reset_session' to clean up, why not over-ride the method in your Controller like

def reset_session do_my_clean_up super end

I am using reset_session as the last action of the manual cleanup (which is what I need to automate). Is that what RoR uses? So if I just set an expiration time on the session, and have the over-ridden 'reset_session' action in my Controller, RoR will call that action? It hadn't occurred to me to just over-ride the method. That's sooooo cool. Rails ROCKS! Thanks!

Bill

Long · August 22, 2006, 8:49pm

Hi Long,

Long wrote:

> Assuming you are using 'reset_session' to clean up, > why not over-ride the method in your Controller like > > def reset_session > do_my_clean_up > super > end

I am using reset_session as the last action of the manual cleanup (which is what I need to automate). Is that what RoR uses? So if I just set an expiration time on the session, and have the over-ridden 'reset_session' action in my Controller, RoR will call that action? It hadn't occurred to me to just over-ride the method. That's sooooo cool. Rails ROCKS! Thanks!

Hey Bill,

Yes I think that will work. Rails ROCKS for sure but the method over-ride concept is really fundamental to OO.

Cheers,

Long

Bill_Walton · August 22, 2006, 9:33pm

Hi Long,

Long wrote:

the method over-ride concept is really fundamental to OO.

I understand how over-ride works for methods I explicitly call. But that isn't the case here. The use case starts with an abandoned session. I found documentation on how to set the expiration time, how to reset it so the session stays alive, etc. But I couldn't find any documentation or examples on how the expiration process works (i.e., this call, then that, etc.) or of how to hook into it. Do I need to put the over-ridden definition in application.rb? Or will RoR somehow find it whichever Controller it's in? Can you point me to any documentation on how this works? Does Rails keep a list somewhere of all the methods an application over-rides?

Thanks, Bill

Long · August 22, 2006, 10:56pm

Long wrote:

> the method over-ride concept is really > fundamental to OO.

I understand how over-ride works for methods I explicitly call. But that isn't the case here. The use case starts with an abandoned session. I found documentation on how to set the expiration time, how to reset it so the session stays alive, etc. But I couldn't find any documentation or examples on how the expiration process works (i.e., this call, then that, etc.) or of how to hook into it. Do I need to put the over-ridden definition in application.rb? Or will RoR somehow find it whichever Controller it's in? Can you point me to any documentation on how this works? Does Rails keep a list somewhere of all the methods an application over-rides?

I will just put my 2cents in with Al's post.

Without over-riding 'reset_session', one can call it from any controller that is a subclass of ApplicationController (AC). If ALL subclasses of AC requires the manual clean up then the answer is "Yes, over-ride in AC".

In a previous technology I was accustomed to relying on a "Session Manager" that runs in a background process and zaps all expired sessions automatically. It seems we need to manage sessions differently in RoR. Once a session is idle for an extended period (either abandoned or due to a long coffee break), the only way (well in most cases) it gets more activity is through access from the originating browser.

So it makes sense to me to invalidate the session when the client tries to reconnect and force him/her to a new session, if the current session is deem expired. For the "truly" abandoned sessions a cron job will have to do.

Long