Signing out of remote sessions

Hi everyone,

My goal is to allow users of a Rails web app to see all their open
sessions on other computers and close/sign out of them remotely.
Similar to gmail's "Account activity" page (link found at the bottom
of the gmail inbox page).

I can technically achieve this by using the sessions in the database

    account_sessions = CGI::Session::ActiveRecordStore::Session.find
(:all)

and iterating over them to find sessions corresponding to the current
user (the user ID is stored in the session data), and allowing the
user to destroy these sessions.

However, this doesn't offer the usual convenience of working with
Rails models. I can't easily express a has_many relationship with the
user and make use of

  current_user.sessions

nor can I easily put an index on user_id since it's in the data part
of the session (instead of being its own column).

This approach also may become impractical if the number of sessions
grows, since in the above the table is read into memory.

As a solution, I'm thinking of creating my own model which "mirrors"
the relevant portions of the session and is created/updated/destroyed
to maintain that correspondence.

This isn't a great way to go about it due to data replication and
added complexity of code, but I didn't find another way to do it.

So the question is: is this a good way to go about it, or am I missing
something?

Thanks in advance!

Fraser

Hi Fraser,

However, this doesn't offer the usual convenience of working with
Rails models. I can't easily express a has_many relationship with the
user and make use of

  current_user.sessions

nor can I easily put an index on user_id since it's in the data part
of the session (instead of being its own column).

Assuming you're using :active_record_store, you can add fields to the
sessions table and I believe you could do the above. I can't recall how
to go about it, and it's probably changed with the inclusion of Rack,
but there is a way to find out the id of the record in the sessions
table that's holding your session data. Dig into the
ActionController::SessionManagement code.

HTH,
Bill