I need to effectively log a user out if their session is inactive for
more than a short period of time, like 5 minutes. I need some help
understanding how to approach session expiration and cleanup in Rails.
When the user explicitly logs out of my app, I delete all the data
they’ve entered/that’s been created during their session. The data
includes files, database records, and then their session data. The
controller code that gets executed when they log out is:
def cleanup
emrec = find_emrec
files = Tempfilerec.find(:all,
:conditions => [“emrec_id = ?”, emrec.id])
files.each {|file| #FileUtils.rm “#{RAILS_ROOT}/public/#{file.filename}” for
production
FileUtils.rm “public/#{file.filename}”
}
emrec.destroy
reset_session
end
I need to execute the same functionality when their session times out
and I’m having a real problem understanding how to go about it.
If I understand what I’ve read, the :session_expires option, which I’d
hoped to use to control their timeout, works with cookie-based,
client-side session management, not server-side. Is that right? Is
there a way to do server-side session mgmt. in a case like this?
You could look at DRB… this has its own
expiry mechanism built into it.
Based on what I’m understanding at this point (which I may be getting
wrong), my problem is not really how to expire / remove the session and
the
data stored in it.
My problem is how to delete the files and database records that are referenced by items in the session store.
I 'm expecting a small (i.e., < 100) number of concurrent sessions.
Based
on what I’ve read, the default Pstore mechanism should handle this just
fine. I guess I can use a filter to update the file whenever there’s
user
activity. If I sweep the store periodically I can delete the session
files
older than my timeout setting. What I can’t get my arms around is…
How do I get at the data in the session store so I can do the database
and
file cleanup? Rails knows how to unmarshal it. But can I do that from
a
Ruby script? And, assuming I can do that, the database has several
tables
that are tied through belongs_to::has_many relationships. The emrec
model
contains all the has_many relationships, all of which have :dependent =>
:delete_all clauses. So, as in the code I posted originally, I get rid
of
all the database records with a single ‘emrec.destroy.’ But Rails has
the
knowledge of the model to allow that. Can I do that from a Ruby script?
Thanks for any thoughts!
Bill
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.