在 Rails 中,如何在浏览器关闭时销毁会话? [英] In Rails, how do you destroy a session when a browser is closed?
问题描述
我正在阅读 Michael Hartl 的 Railstutorial,但我坚持练习 9.6.2.我在网上搜索并在我的 Sessions Helper 中使用了此代码:
I'm going through Michael Hartl's Railstutorial and I am stuck on Exercise 9.6.2. I searched online and used this code in my Sessions Helper:
module SessionsHelper
def sign_in(user)
session[:user_id] = user.id
self.current_user = user
end
def current_user=(user)
@current_user = user
end
def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end
def signed_in?
!current_user.nil?
end
def sign_out
session[:user_id] = nil
self.current_user = nil
end
end
但是,当浏览器关闭时,用户并没有注销.有没有其他人对此有解决方案?
However, the user is not logged out when the browser is closed. Does anyone else have a solution to this?
推荐答案
编辑:查看您提供的链接,他们写道:
EDIT: Looking at the link you gave, they write:
我们也可以启动服务器(使用$ rails s")并验证我们全新的会话在没有 cookie 的情况下正常运行(我们应该每次关闭浏览器时都退出)
We can also start the server (with "$ rails s") and verify the functioning of our brand new session without cookies (we should be logged out every time we close the browser).
(强调)
因此,他们的解决方案是简单地关闭 cookie,这会导致每次访问都会创建一个新会话.他们并不是真的在谈论删除服务器端的旧会话.
Therefore, their solution is to simply turn off cookies, which results in a new session being created with each visit. They are not really talking about removing old sessions on the server side of the equation.
为了历史价值,我的原始答案保留在下面:
My original answer is left below for historical value:
(抱歉,如果这太笼统了,我假设您没有看到更大的图景)
(apologies if this is too general, I'm assuming you're not seeing the bigger picture)
从根本上说,网络使用基于拉取的模型 - 客户端发出请求以在服务器上执行操作.
Fundamentally, the web uses a pull-based model - clients make requests to do things on the server.
您不能强制"客户端关闭会话,因为关闭会话是客户端必须从服务器请求的操作(例如:通过注销).
You can not 'force' the client to close a session, since closing a session is an action that the client must request from the server (eg: by logging out).
因此,通常会话都有一个定期检查的超时期限.每个会话都有一个开始时间"存储在数据库中,而过旧的会话将被清除.
Therefore, typically sessions have a time-out period that is checked regularly. Each session has a 'start time' stored in the database, and sessions that are too old are purged.
也就是说,javascript 中可能有一些方法可以检测浏览器关闭事件并尽最大努力关闭会话.但不能保证 - 用户总是可以强行杀死浏览器进程,让服务器完全处于黑暗中.
That said, there may be some way in javascript to detect a browser close event and make some best-effort attempt to close the session. But there is no guarantee - the user can always forcefully kill the browser process, leaving the server totally in the dark.
简而言之,您不能依赖客户端来关闭会话.暂停可能是您最好的选择.
In short, you can't rely on the client to close a session. A timeout is probably your best option.
这篇关于在 Rails 中,如何在浏览器关闭时销毁会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
