关闭浏览器时会话未销毁-RailsTutorial.org [英] Session not destroyed when closing browser - RailsTutorial.org

问题描述

在研究Michael Hartl的railstutorial.org时，我处于第8章(具体来说是8.2.3).当前的问题是实现会话以使用户跨多个视图登录，但是本节中实现的功能应该是 temporary 会话，当浏览器窗口终止时，该会话会过期(注销用户)已经关闭.这是教科书上的声明，其内容如下:

In working through Michael Hartl's railstutorial.org, I'm in Chapter 8 (specifically 8.2.3). The current problem is implementing a session to keep the user logged in across multiple views, but the functionality implemented in this section is supposed to be a temporary session that expires (logs the user out) when the browser window is closed. Here is the statement from the textbook indicating such:

如果您完全退出浏览器，则还应该能够验证该应用程序是否忘记了登录状态，从而要求您再次登录以查看上述更改.

If you quit your browser completely, you should also be able to verify that the application forgets your login status, requiring you to log in again to see the changes described above.

我已经在Google Chrome和Firefox上测试了此功能-我成功登录，导航到多个页面(以确保我的会话在log_in重定向之后仍然存在)，然后关闭浏览器-但是当我重新加载网路应用程式，我仍然登入.我已复制所有程式码完全，与文字所写的一样，但无济于事.供参考，这是我的sessions_helper.rb文件:

I've tested this functionality on both Google Chrome and Firefox -- I log in successfully, navigate to multiple pages (to make sure my session persists beyond the log_in redirect) and then close the browser -- but when I reload the web app, I'm still logged in. I've copied all the code exactly as its written in the text, but to no avail. For reference, here's my sessions_helper.rb file:

module SessionsHelper

  # Logs in the given user.
  def log_in(user)
    session[:user_id] = user.id
  end

  # Returns the current logged-in user (if any).
  def current_user
    @current_user ||= User.find_by(id: session[:user_id])
  end

  # Returns true if the user is logged in, false otherwise.
  def logged_in?
    !current_user.nil?
  end

end

这是我的sessions_controller.rb文件(destroy操作尚未实现，因为在文本中尚未赋予注销"按钮任何功能):

And here is my sessions_controller.rb file (the destroy action has not been implemented yet, since I haven't gotten to the point in the text of giving the Logout button any functionality):

class SessionsController < ApplicationController

  def new
  end

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      # Log the user in and redirect to the user's show page.
      log_in user
      redirect_to user
    else
      flash.now[:danger] = 'Invalid email/password combination' 
      render 'new'
    end
  end

  def destroy
  end

结束

注意:在您的回答中，请不要建议添加替代代码或更改现有代码(除非您发现我发布的代码有误) ).教科书假定这是有效的代码，不需要任何更改即可正常运行.

Note: In your answer(s), please do not suggest adding alternate code or changing existing code (unless you see a mistake with the code I've posted). The textbook assumes this is working code and doesn't need any alteration for it to properly function.

推荐答案

请检查您的config/initializers/session_store.rb文件.应该有类似的东西

Please, check your config/initializers/session_store.rb file. There should be something like

Rails.application.config.session_store :cookie_store, key: '_app_session'

您必须在选项中添加具有nil值的expire_after键:

You have to add expire_after key with nil value to the options:

Rails.application.config.session_store :cookie_store, key: '_app_session', expire_after: nil

应用此更改后，会话将在用户关闭浏览器时到期.您可以在此处

After applying this change, the session will expire when user closes the browser. You can read more about cookies expiration here

这篇关于关闭浏览器时会话未销毁-RailsTutorial.org的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！