restful_authentication: update of users' attributes on every page load upon 'Remember me' being enabled?

Joerg_Battermann · December 16, 2007, 11:36pm

Hello there,

I just noticed a kinda weird thing: if users log in with the 'Remember Me' option enabled, their records in the db get updated everytime the user reloads a page, because apparently restful_authentication's code updates the remember_token_expires_at & remember_token attributes for each page load (not only once on the actual login (from cookie).

Wouldn't it make much more sense to set this remember_token_expires_at and the corresponding token once only and that's it? Or am I missing something?

Just wanna make sure the db doesn't get hit (writing-wise) over and over again during a users' browsing session on the site.

-J

Joerg_Battermann · December 17, 2007, 8:52am

Ryan,

well the default remember_me timeout is set to two weeks, so that shouldn't happen & a user typically doesn't idle on a website with his/ her browser open for 2 weeks .. well at least I hope so

I do understand the basic idea behind it, but just wondering whether it is really necessary this way...

-J

Topic		Replies	Views
"Remember Me" feature rubyonrails-talk	4	180	October 29, 2008
Authentication, REST and XML rubyonrails-talk	1	113	November 8, 2006
remember_me_for in authlogic rubyonrails-talk	6	143	February 11, 2010
Auto-logout after 15 minutes.... rubyonrails-talk	1	127	October 13, 2009
keeping users logged in between browser launches rubyonrails-talk	3	164	November 25, 2008

restful_authentication: update of users' attributes on every page load upon 'Remember me' being enabled?

Related topics

More Resources