1) I was wondering if there is a way to do a session timeout using the
restful_authentication.
How do I hack it to get the behaviour I need?
2) On top of that, I may need to ensure that a particular user can
only login from a single PC. If the user is already logged in at a PC
and attempts to login from another PC, the session in which he signs
in on the first PC will auto log out.
Again, I would like to know how that is possible given
restful_authentication.
The only way i know about to expire a rails session is to remove the
session key from the db (if you're using activerecordstore) or session
files from tmp/sessions (if using file system)
You can do this with a simple rake task that you run periodically with
cron, which checks for any records/files updated_at > time.now - 20
mins and destroys them .
The second question requires something a bit more. You would most
likely create an extra column in the db which you could use to store
the key that matches the session, then when you log in you destroy the
previous session record.
In order to easily manipulate the session table you can create a model
called session.rb which inherits from ActiveRecord, or you can access
it directly using ...... CGI::Session::ActiveRecordStore::Session
