Server-side session management for short session expirations?

I need to effectively log a user out if their session is inactive for more than a short period of time, like 5 minutes. I need some help understanding how to approach session expiration and cleanup in Rails.

When the user explicitly logs out of my app, I delete all the data they’ve entered/that’s been created during their session. The data includes files, database records, and then their session data. The controller code that gets executed when they log out is:

def cleanup
emrec = find_emrec
files = Tempfilerec.find(:all,
:conditions => [“emrec_id = ?”,])
files.each {|file|
#FileUtils.rm “#{RAILS_ROOT}/public/#{file.filename}” for production
FileUtils.rm “public/#{file.filename}”


I need to execute the same functionality when their session times out and I’m having a real problem understanding how to go about it.

If I understand what I’ve read, the :session_expires option, which I’d hoped to use to control their timeout, works with cookie-based, client-side session management, not server-side. Is that right? Is there a way to do server-side session mgmt. in a case like this?



Hi Tim,

Tim Perrett wrote:

You could look at DRB... this has its own
expiry mechanism built into it.

Based on what I'm understanding at this point (which I may be getting wrong), my problem is not really how to expire / remove the session and the data stored in it.

My problem is how to delete the files and database records that are *referenced* by items in the session store.

I 'm expecting a small (i.e., < 100) number of concurrent sessions. Based on what I've read, the default Pstore mechanism should handle this just fine. I guess I can use a filter to update the file whenever there's user activity. If I sweep the store periodically I can delete the session files older than my timeout setting. What I can't get my arms around is...

How do I get at the data in the session store so I can do the database and file cleanup? Rails knows how to unmarshal it. But can I do that from a Ruby script? And, assuming I can do that, the database has several tables that are tied through belongs_to::has_many relationships. The emrec model contains all the has_many relationships, all of which have :dependent => :delete_all clauses. So, as in the code I posted originally, I get rid of all the database records with a single 'emrec.destroy.' But Rails has the knowledge of the model to allow that. Can I do that from a Ruby script?

Thanks for any thoughts!