I have a Rails 5 app that uses the default session store for user authentication through Devise as well as a custom session controller set up to handle access to other resources for unauthenticated users.
我有一个Rails 5应用程序,它使用默认会话存储来通过Devise进行用户身份验证,以及一个自定义会话控制器,用于处理未经身份验证的用户对其他资源的访问。
The trouble is that although the sessions work properly, the application will create both cookies irrespective of the controller requiring it and end the Devise session after 30 minutes. I am looking for some guidance on how to add a custom session and configure it correctly in Rails.
麻烦的是,尽管会话正常运行,但应用程序将创建两个cookie,而不管控制器是否需要它,并在30分钟后结束设计会话。我正在寻找有关如何添加自定义会话并在Rails中正确配置它的一些指导。
My incorrect session store config:
我的会话存储配置错误:
#/config/initializers/session_store.rb
Rails.application.config.session_store :cookie_store, key: '_application_session'
Rails.application.config.session_store :cookie_store, key: 'custom_session', expire_after: 30.minutes
Is this something that needs to be addressed in middleware?
这是需要在中间件中解决的问题吗?
1 个解决方案
#1
0
After some additional trial and error I moved the session expiry logic into the controller instead of the session_store.rb config per Alexis' recommendation and now both sessions are working as expected.
经过一些额外的试验和错误后,我将会话到期逻辑移动到控制器而不是每个Alexis建议的session_store.rb配置,现在两个会话都按预期工作。
The controller method I used is more or less akin to the following:
我使用的控制器方法或多或少类似于以下内容:
#/app/controllers/custom_session_controller.rb
before_action :check_session_expiry
def check_session_expiry
if session[:custom_session_key] && session[:created_at] < 30.minutes.ago
reset_session
redirect_to new_custom_session_path, alert: "session expired"
end
end
#/config/initializers/session_store.rb
Rails.application.config.session_store :cookie_store, key: '_application_session'
Rails.application.config.session_store :cookie_store, key: 'custom_session'
I found this other similar question which was helpful in reaching a solution.
我发现了另一个类似的问题,这有助于达成解决方案。
#1
0
After some additional trial and error I moved the session expiry logic into the controller instead of the session_store.rb config per Alexis' recommendation and now both sessions are working as expected.
经过一些额外的试验和错误后,我将会话到期逻辑移动到控制器而不是每个Alexis建议的session_store.rb配置,现在两个会话都按预期工作。
The controller method I used is more or less akin to the following:
我使用的控制器方法或多或少类似于以下内容:
#/app/controllers/custom_session_controller.rb
before_action :check_session_expiry
def check_session_expiry
if session[:custom_session_key] && session[:created_at] < 30.minutes.ago
reset_session
redirect_to new_custom_session_path, alert: "session expired"
end
end
#/config/initializers/session_store.rb
Rails.application.config.session_store :cookie_store, key: '_application_session'
Rails.application.config.session_store :cookie_store, key: 'custom_session'
I found this other similar question which was helpful in reaching a solution.
我发现了另一个类似的问题,这有助于达成解决方案。