Ruby on rails - Authlogic:定期检查用户会话是否有效 [英] Ruby on rails - Authlogic : periodically check if user session is valid

问题描述

我正在寻找一种解决方案，允许我定期检查用户会话是否已过期，如果已过期，则将他重定向到登录页面.
我正在使用 Authlogic gem，所以我正在做的是调用一个对 current_user 进行测试的函数.
我的 USER_SESSION_TIMEOUT 是 5 分钟，所以我每 5:10 分钟进行一次 ajax 调用.

I'm looking for a solution allowing me to check periodically if the user session has expired and if so redirect him to the login page.
I'm using Authlogic gem, so what I'm doing is call a function that make a test on current_user.
My USER_SESSION_TIMEOUT is 5minutes so I make this ajax call every 5:10 minutes.

<%= periodically_call_remote :url => {:controller => 'user_session', :action => 'check_session_timed_out'}, :frequency =>  (USER_SESSION_TIMEOUT + 10.seconds) %>

<小时>

def check_session_timed_out
   if !current_user
      flash[:login_notice] = "Your session timed out due to a period of inactivity. Please sign in again."
      render :update do |page|
          page.redirect_to "/user_sessions/new"   
      end
   else
       render :nothing => true
   end
end

我注意到每次调用 current_user 时，用户对象都会更新，因此会话会更新为 5 分钟.
当只打开一个选项卡时没有问题，但如果我每次调用 check_session_timed_out current_user 时我有 2 个选项卡更新用户更新用户，因此会话永不过期.

I noticed that every time I call current_user the user object is updated and so the session is renewed to 5 minutes.
There is no problem when only one tab is opened but if I have 2 tabs each time I call check_session_timed_out current_user renew update the user and so the session never expires.

有什么想法吗?谢谢

推荐答案

来自 AuthLogic 来源本身:

From the AuthLogic source itself:

# For example, what if you had a javascript function that polled the server
# updating how much time is left in their session before it times out. Obviously
# you would want to ignore this request, because then the user would never
# time out. So you can do something like this in your controller:

def last_request_update_allowed?
 action_name != "update_session_time_left"
end

在您的情况下，您可能希望使用您的操作名称将该方法添加到您的控制器中:

In your case, you would want to add the method to your controller using the name of your action:

def last_request_update_allowed?
  action_name != "check_session_timed_out"
end

这篇关于Ruby on rails - Authlogic:定期检查用户会话是否有效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！