I’ve just found Luke Redpath’s SessionTimeout plugin. From the writeup, it looks like it will do exactly what I need. Unfortunately, from my experience so far, it looks like it doesn’t do a dang thing!!! I’m sure it’s an operator-error problem. Any help would really be appreciated.
I made a real simple sandbox app to test it out. The controller looks like this.
    class CreateController < ApplicationController
      session_times_out_in 5.seconds, :after_timeout => :goodbye

      def index
      end

      def goodbye
        redirect_to :controller => 'create', :action => 'goodbye'
      end
    end
The index and goodbye views are just simple text letting me know where I am. I’m using an AR session store and can see the updated_at field being set correctly. It’s just that nothing happens in the app after 5.seconds.
I wonder if you refreshed the page after the 5.seconds is up. I think the refresh
may trigger the timeout code but I haven't worked with this plugin.
It seems your test code has a cyclic redirect (:goodbye => :goodbye). You may see
an 'interesting' effect if the plugin does work.
Cheers,
Long
Bill Walton wrote:
I've just found Luke Redpath's SessionTimeout plugin. From the writeup, it looks like it will do
exactly what I need. Unfortunately, from my experience so far, it looks like it doesn't do a dang
thing!!! I'm sure it's an operator-error problem. Any help would _really_ be appreciated.
I made a real simple sandbox app to test it out. The controller looks like this.
    class CreateController < ApplicationController
      session_times_out_in 5.seconds, :after_timeout => :goodbye

      def index
      end

      def goodbye
        redirect_to :controller => 'create', :action => 'goodbye'
      end
    end
The index and goodbye views are just simple text letting me know where I am. I'm using an AR
session store and can see the updated_at field being set correctly. It's just that nothing happens
in the app after 5.seconds.
Long wrote:
>
> I wonder if you refreshed the page after the 5.seconds is up.
> I think the refresh may trigger the timeout code but I haven't
> worked with this plugin.
Yep. I tried that. The page refreshes and the created_at field in the AR
session record gets updated. It doesn't trigger the "after_timeout" method.
> It seems your test code has a cyclic redirect (:goodbye =>
> :goodbye). You may see an 'interesting' effect if the plugin
> does work.
Oops :-p I'd tried putting the session_times_out_in function and the
goodbye method in application.rb and then calling the goodbye method in the
'create' controller to render the 'goodbye' view. It didn't work there
either.
Where can I find this plugin and documentation? I'd be interested in helping
make it work.
Doesn't the session get updated before the controller
is invoked? Would that not reset the updated time for
the session?
Based on what I'm seeing, at least in an AR session, the created_at field only gets updated whenever there's explicit user action like a refresh or clicking a link on a page. That does make some sense to me given what (little) I know about the Rails architecture.
Thanks for the links. I've gone over the logistics of the session_timeout.rb module and
didn't see anything obvious. Your code should have worked (to the point of cyclic redirects).
I decided to grab the plugin and run my own tests. You're right, the plugin is working, at least
for FileStore sessions. I don't use AR session store, yet.
    def goodbye
      logger.info ">>>> Running :goodbye"
      redirect_to '/'
    end
Another place to look is ../log/development.log and look for the logger.info entries.
The :except option seems to be undocumented. It will prevent the filter from running
when :goodbye is called in the callback.
Well that is all I have. I doubt AR session store would be any different but I
could be wrong. One silly thing to watch for is the correct spelling of :after_timeout.
It got me and I was seeing the effect you described.
Thanks much for the reply, and for checking out the plugin. I appreciate it. More below.
Long wrote:
Thanks for the links. I've gone over the logistics
of the session_timeout.rb module and didn't see
anything obvious. Your code should have worked
(to the point of cyclic redirects).
Thanks for letting me know. I had some 'problems' getting the plugin installed so I think I'm going to just delete the whole Rails install and start over (I'm using Instant Rails, so it's easy).
I decided to grab the plugin and run my own tests.
You're right, the plugin is working, at least for
FileStore sessions.
Could you say more about how it's 'working'?
Specifically, does it do the redirect to :goodbye 'on its own' after the time has run? Or does it only do it if the user requests a page after the time has run?
I don't use AR session store, yet.
The switch to AR is unbelievably painless. All it takes is uncommenting one line in config\environment.rb and putting a session table in your SQL script or migration. My SQL script for this test is:
    drop table if exists sessions;
    create table sessions (
      id int not null auto_increment,
      sessid varchar(255),
      data text,
      updated_at datetime default NULL,
      primary key(id),
      index session_index (sessid)
    ) engine=InnoDB;
If you find out anything, I'd really appreciate it if you'd pass it along.
> Thanks for the links. I've gone over the logistics
> of the session_timeout.rb module and didn't see
> anything obvious. Your code should have worked
> (to the point of cyclic redirects).
Thanks for letting me know. I had some 'problems' getting the plugin
installed so I think I'm going to just delete the whole Rails install and
start over (I'm using Instant Rails, so it's easy).
I was looking for a zip file to install but didn't see one so I grabbed the
lib/session_timeout.rb and the init.rb files and installed manually.
    ruby script/generate plugin session_timeout
then I overwrite the files with the downloaded ones.
> I decided to grab the plugin and run my own tests.
> You're right, the plugin is working, at least for
> FileStore sessions.
Could you say more about how it's 'working'?
Specifically, does it do the redirect to :goodbye 'on its own' after the
time has run? Or does it only do it if the user requests a page after the
time has run?
I wonder if I misunderstood your original question. It is working in the way
that when the user refreshes after the time has run out the :goodbye method
gets invoked. In my test code the browser was redirected to /.
If you are looking to expire a session automatically (on its own) then this
plugin will not do it. In fact Rails is not designed to behave like that. There is
no Container (like Java) that will do session management for you. The best we can
do with Rails here is to have an external background process that runs periodically and
deletes sessions that have 'expired', based on the updated_at timestamp.
> I don't use AR session store, yet.
The switch to AR is unbelievably painless. All it takes is uncommenting one
line in config\environment.rb and putting a session table in your SQL script
or migration. My SQL script for this test is:
I just haven't had the requirement to use it, but the information you provide will
prove useful. Thanks.
I was looking for a zip file to install but didn't see one
A zip would definitely have been nice. Or a URL that would let me use script install. No luck there either.
so I grabbed the lib/session_timeout.rb and the
init.rb files and installed manually.
ruby script/generate plugin session_timeout
then I overwrite the files with the downloaded ones.
Thank you _very_ much. This approach did not occur to me. I thought I was going to end up dead in the water.
If you are looking to expire a session automatically
(on its own) then this plugin will not do it. In fact Rails
is not designed to behave like that.
Yep. That's what I'm looking for. I was hoping maybe Luke had corrected that design 'flaw'. Seriously... the app I'm working on has a requirement that's not just unusual for Rails, I think it's a bit unusual period. Visitors enter information into the app which takes it and creates a file in a standardized xml format. They save the file to their local PC. When they log out of the app all the information they've entered must be removed from the app's database and from the file system. On top of that, the app has a session timeout mechanism that resets every time the visitor interacts with the app; like online banking apps.
The best we can do with Rails here is to have an
external background process that runs periodically
and deletes sessions that have 'expired', based on the
updated_at timestamp.
My impression is that Luke's SessionTimeout plugin improves the situation somewhat. At least it looks like it'll make it easy to satisfy the 'keep-alive' requirement. I'm planning to use Ezra's backgroundrb plugin for the external process since, as I understand it, its workers have access to the app models. It seems to me that having access to those will make the cleanup a lot easier.
If you've got any interest in pushing the envelope in Rails session management, let me know. This definitely does.
> The best we can do with Rails here is to have an
> external background process that runs periodically
> and deletes sessions that have 'expired', based on the
> updated_at timestamp.
My impression is that Luke's SessionTimeout plugin improves the situation
somewhat. At least it looks like it'll make it easy to satisfy the
'keep-alive' requirement. I'm planning to use Ezra's backgroundrb plugin
for the external process since, as I understand it, its workers have access
to the app models. It seems to me that having access to those will make the
cleanup a lot easier.
By default Rails does not expire sessions so 'keep alive' is not really a problem.
You can have a user log in for as long as the browser will keep the cookie.
Rolling your own external process is not that difficult either. Have a look in
the ../script directory for examples. It shows you how to hook in to the AR
models for use outside of Rails.
If you've got any interest in pushing the envelope in Rails session
management, let me know. This definitely does.
Well I have written my own plugin for this in my projects, albeit not as elegant
as the one by Luke at Agile Evolved, but it does the job. I was able to make mine
a bit more useful borrowing some ideas from his plugin. I plan to release my
plugin but just haven't got around to documenting it (on todo list). I hope to
find some time and do this soon.
In terms of pushing the envelope, I think if there is a will there is a way. It
might be possible to clean up dropped sessions in an automated way. This
sounds like a worthwhile project to get on.
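
The distinction the thread arrives at, shown as an added example (not code from the plugin or from either poster): a request-time idle check fires only when the browser comes back, while a periodic sweep keyed on updated_at removes abandoned sessions and their data regardless. It is plain Ruby with no Rails; SessionRow mirrors the sessions table above, and IdleSessionStore and its method names are hypothetical.

```ruby
# Added illustration in plain Ruby (no Rails). SessionRow mirrors the sessions
# table from the thread; IdleSessionStore and its methods are hypothetical.
SessionRow = Struct.new(:sessid, :data, :updated_at)

class IdleSessionStore
  def initialize(timeout_seconds)
    @timeout = timeout_seconds
    @rows = {}
  end

  def create(sessid, now)
    @rows[sessid] = SessionRow.new(sessid, {}, now)
  end

  # Request-time check, the kind a before-filter timeout performs: it can
  # only fire when the browser sends another request.
  def touch(sessid, now)
    row = @rows[sessid]
    return :unknown unless row
    if now - row.updated_at > @timeout
      @rows.delete(sessid)            # destroy server-side state, not just redirect
      return :timed_out
    end
    row.updated_at = now              # activity slides the idle window forward
    :active
  end

  # Periodic sweep for cron or a background worker: removes idle rows even if
  # the user never returns, yielding each so its files/records can be purged.
  def sweep(now)
    expired = @rows.values.select { |r| now - r.updated_at > @timeout }
    expired.each do |row|
      yield row if block_given?
      @rows.delete(row.sessid)
    end
    expired.map(&:sessid)
  end
end

if __FILE__ == $0
  t0 = Time.at(0)                     # constructed timeline, 5-second timeout
  store = IdleSessionStore.new(5)
  %w[alice bob].each { |id| store.create(id, t0) }
  p store.touch("alice", t0 + 3)      # refresh inside the window
  p store.sweep(t0 + 7)               # bob idle 7s, alice idle 4s
  p store.touch("alice", t0 + 20)     # late request after the timeout
end
```

In a Rails app the sweep would be a delete against the sessions table on updated_at, run from whatever scheduler the deployment uses, with the yielded row used to remove that visitor's generated files.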