restful_authentication plugin + session timeout + single login session?


I am using restful authentication plugin

1) I was wondering if there is a way to do a session timeout using the restful_authentication.

How do I hack it to get the behaviour I need?

2) On top of that, I may need to ensure that a particular user can only login from a single PC. If the user is already logged in at a PC and attempts to login from another PC, the session in which he signs in on the first PC will auto log out.

Again, I would like to know how that is possible given restful_authentication.

Thank you all.

The only way i know about to expire a rails session is to remove the session key from the db (if you're using activerecordstore) or session files from tmp/sessions (if using file system) You can do this with a simple rake task that you run periodically with cron, which checks for any records/files updated_at > - 20 mins and destroys them .

Something like Parked at Loopia

The second question requires something a bit more. You would most likely create an extra column in the db which you could use to store the key that matches the session, then when you log in you destroy the previous session record.

In order to easily manipulate the session table you can create a model called session.rb which inherits from ActiveRecord, or you can access it directly using ...... CGI::Session::ActiveRecordStore::Session

Haven't done this myself but there seems to be bags of information about retrieving and manipulating session ids and data here

More information and a plugin for dynamic session expiration can be found here: and general information on sessions here: