在Rails 3中设置会话超时

时间:2022-10-14 22:37:19

This seems simple: I am trying to get my rails Active Record session to timeout after 2 minutes. So after two minutes I want my users to have to re-login.

这看起来很简单:我试图让我的rails活动记录会话在2分钟后超时。所以两分钟后,我希望我的用户必须重新登录。

I'm just running rails server (i.e. WebBrick) on my local dev machine.

我只是在本地的dev机器上运行rails服务器(即WebBrick)。

I know this is something to do with the following code in config/initalizers/session_store.rb, but I don't think I have quite nailed it:

我知道这与配置/插入器/session_store中的以下代码有关。rb,但我认为我还没完全搞清楚:

CodedOn::Application.config.session_store :active_record_store

CodedOn::Application.configure do
    config.action_controller.session = {:expire_after => 2.minutes}
end

This doesn't seem to work, or at least my session doesn't appear to timeout. I can't find much about the Rails 3 way to do this as I know things have changed from Rails 2.x.

这似乎不起作用,或者至少我的会话没有超时。我找不到很多关于Rails 3的方法,因为我知道事情已经从Rails 2.x发生了变化。

Can some one help me out?

有人能帮我一下吗?

6 个解决方案

#1

46  

I think you will have to do this manually since the active record store does not implement the expire_after option. So within your (I assume) before filter, you should do this:

我认为您必须手动执行此操作,因为活动记录存储没有实现expire_after选项。所以在过滤之前,你应该这样做:

def authenticate
  if session[:logged_in]
    reset_session if session[:last_seen] < 2.minutes.ago
    session[:last_seen] = Time.now
  else
    ... authenticate
    session[:last_seen] = Time.now
  end
end

Obviously, this is not complete, but it should give you the basic idea.

显然,这还不完整,但它应该给你一个基本的概念。

UPDATE:

更新:

It seems that the functionality IS present in rails since version 2.3. I found the relevant code here. This is AbstractStore which should serve as base class for all derived ones. So, as dadooda suggests, the following should work:

从2.3版本开始,这个功能就出现在rails中了。我在这里找到了相关的代码。这是AbstractStore,它应该作为所有派生类的基类。因此,正如dadooda所言,以下几点应该是有效的:

Some::Application.config.session_store :active_record_store, {
  expire_after: 24.hours,
}

#2

36  

I did this in simple way you can try this:

我这么做很简单你可以试试

In your config/initializers/session_store.rb just do this:

在你的配置/初始化/ session_store。rb只是这样做:

Yourapp::Application.config.session_store :cookie_store, 
                                             :key => "_yourapp_session",
                                             :expire_after => 2.minutes

This is working for me finely, hope works for you also.

这对我来说很好,希望对你也一样。

#3

4  

You have to do it manually. Here's an example of creating a class method for ActiveRecord sessions. You can use Rufus-Scheduler and/or DelayedJob to regularly call this.

你必须手动操作。这里有一个为ActiveRecord会话创建类方法的示例。您可以使用rufo - scheduler和/或DelayedJob来定期调用它。

class Session < ActiveRecord::Base
  def self.sweep(time = 1.hour)
    if time.is_a?(String)
      time = time.split.inject { |count, unit| count.to_i.send(unit) }
    end

    delete_all "updated_at < '#{time.ago.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'"
  end
end

More background on why it's important: http://guides.rubyonrails.org/security.html#session-expiry

关于它为什么重要的更多背景:http://guides.rubyonrails.org/security.html# session过期。

#4

4  

mosch says:

mosch说:

I think you will have to do this manually since the active record store does not implement the expire_after option.

我认为您必须手动执行此操作,因为活动记录存储没有实现expire_after选项。

It seems it's no longer this way. :expire_after worked for me in Rails 3.2.11:

似乎已经不是这样了。:expire_after为我在Rails 3.2.11工作后:

Some::Application.config.session_store :active_record_store, {
  key: "some_session_id",
  domain: ".isp.com",
  expire_after: 24.hours,
}

The cookie auto-prolongs after every request towards the app. The session persists through browser exits.

cookie自动延长了对应用程序的请求。会话通过浏览器退出。

I did the above trick to "globalize" the session across domain for a simple SSO functionality, seems to work so far.

我完成了上面的技巧,为简单的SSO功能跨域“全球化”会话,到目前为止似乎是有效的。

#5

2  

The expiration time.

过期时间。

MAX_SESSION_TIME = 60 * 60

before_filter :prepare_session

def prepare_session

   if !session[:expiry_time].nil? and session[:expiry_time] < Time.now
      # Session has expired. Clear the current session.
      reset_session
   end

   # Assign a new expiry time, whether the session has expired or not.
   session[:expiry_time] = MAX_SESSION_TIME.seconds.from_now
   return true
end

#6

-4  

Just add timeout_in method in your model and it should do the trick:

只需在模型中添加timeout_in方法,它就可以完成以下操作:

  def timeout_in
    2.minutes
  end

#1

46  

I think you will have to do this manually since the active record store does not implement the expire_after option. So within your (I assume) before filter, you should do this:

我认为您必须手动执行此操作,因为活动记录存储没有实现expire_after选项。所以在过滤之前,你应该这样做:

def authenticate
  if session[:logged_in]
    reset_session if session[:last_seen] < 2.minutes.ago
    session[:last_seen] = Time.now
  else
    ... authenticate
    session[:last_seen] = Time.now
  end
end

Obviously, this is not complete, but it should give you the basic idea.

显然,这还不完整,但它应该给你一个基本的概念。

UPDATE:

更新:

It seems that the functionality IS present in rails since version 2.3. I found the relevant code here. This is AbstractStore which should serve as base class for all derived ones. So, as dadooda suggests, the following should work:

从2.3版本开始,这个功能就出现在rails中了。我在这里找到了相关的代码。这是AbstractStore,它应该作为所有派生类的基类。因此,正如dadooda所言,以下几点应该是有效的:

Some::Application.config.session_store :active_record_store, {
  expire_after: 24.hours,
}

#2

36  

I did this in simple way you can try this:

我这么做很简单你可以试试

In your config/initializers/session_store.rb just do this:

在你的配置/初始化/ session_store。rb只是这样做:

Yourapp::Application.config.session_store :cookie_store, 
                                             :key => "_yourapp_session",
                                             :expire_after => 2.minutes

This is working for me finely, hope works for you also.

这对我来说很好,希望对你也一样。

#3

4  

You have to do it manually. Here's an example of creating a class method for ActiveRecord sessions. You can use Rufus-Scheduler and/or DelayedJob to regularly call this.

你必须手动操作。这里有一个为ActiveRecord会话创建类方法的示例。您可以使用rufo - scheduler和/或DelayedJob来定期调用它。

class Session < ActiveRecord::Base
  def self.sweep(time = 1.hour)
    if time.is_a?(String)
      time = time.split.inject { |count, unit| count.to_i.send(unit) }
    end

    delete_all "updated_at < '#{time.ago.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'"
  end
end

More background on why it's important: http://guides.rubyonrails.org/security.html#session-expiry

关于它为什么重要的更多背景:http://guides.rubyonrails.org/security.html# session过期。

#4

4  

mosch says:

mosch说:

I think you will have to do this manually since the active record store does not implement the expire_after option.

我认为您必须手动执行此操作,因为活动记录存储没有实现expire_after选项。

It seems it's no longer this way. :expire_after worked for me in Rails 3.2.11:

似乎已经不是这样了。:expire_after为我在Rails 3.2.11工作后:

Some::Application.config.session_store :active_record_store, {
  key: "some_session_id",
  domain: ".isp.com",
  expire_after: 24.hours,
}

The cookie auto-prolongs after every request towards the app. The session persists through browser exits.

cookie自动延长了对应用程序的请求。会话通过浏览器退出。

I did the above trick to "globalize" the session across domain for a simple SSO functionality, seems to work so far.

我完成了上面的技巧,为简单的SSO功能跨域“全球化”会话,到目前为止似乎是有效的。

#5

2  

The expiration time.

过期时间。

MAX_SESSION_TIME = 60 * 60

before_filter :prepare_session

def prepare_session

   if !session[:expiry_time].nil? and session[:expiry_time] < Time.now
      # Session has expired. Clear the current session.
      reset_session
   end

   # Assign a new expiry time, whether the session has expired or not.
   session[:expiry_time] = MAX_SESSION_TIME.seconds.from_now
   return true
end

#6

-4  

Just add timeout_in method in your model and it should do the trick:

只需在模型中添加timeout_in方法,它就可以完成以下操作:

  def timeout_in
    2.minutes
  end
标签:

相关文章