AuthLogic perishable_token 在每次请求时重置 [英] AuthLogic perishable_token resets on every request
问题描述
在我的用户模型中,我有:
In my User model I have:
acts_as_authentic do |c|
c.perishable_token_valid_for = 30.minutes
end
在我的应用程序控制器中,我有标准的样板代码:
In my Application Controller I have the standard boilerplate code:
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.record
end
现在在我看来,我需要查看用户是否已登录:
Now in my view I need to see if a user is logged in:
<% if current_user %>
Sign Out
<% else %>
Sign In
<% end %>
在每个请求中,current_user 都会被调用,这会导致对数据库进行 SELECT 调用以查找用户,然后调用 UPDATE 来更新 last_request_at 和 perishable_token,即使我设置了 perishable_token_valid_for = 30.minutes.
On every single request, current_user is being called, and that causes a SELECT call to be made to the database to find the user, then an UPDATE call that updates the last_request_at and perishable_token even though I set perishable_token_valid_for = 30.minutes.
有没有人有更好的方法来查看用户是否登录,而不会在我的应用程序的每个页面上引起 SELECT 和 UPDATE.
Does anyone have a better way to see if a user is logged in without causing a SELECT and UPDATE on every single page of my app.
有谁知道为什么即使我将易腐令牌设置为 30 分钟有效,它也会不断更新???
Does anyone know why the perishable token keeps updating even if I set it to be valid for 30 minutes???
推荐答案
perishable_token_valid_for 没有按照您的想法行事.它旨在与 find_using_perishable_token 协同工作,后者用于帐户验证和重置忘记的密码等.默认超时为 10 分钟.
perishable_token_valid_for isn't doing what you think it is. It's intended to work in tandem with find_using_perishable_token which is intended for things like account validation and resetting a forgotten password. The default timeout is 10 minutes.
令牌应该像它所做的那样在每个请求上更新.如果你不想要它,你可以删除它.对于 authlogic,它是完全可选的.
The token is supposed to update on every request like it's doing. You can just remove the column if you don't want it. It's completely optional with authlogic.
如果您确实想保留易腐令牌但完全手动更新它,您可以执行 disable_perishable_token_maintenance = true
If you really do want to keep the perishable token but update it completely by hand, you can do disable_perishable_token_maintenance = true
这篇关于AuthLogic perishable_token 在每次请求时重置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
