Best IT Recipes

How do I dynamically set the expiration time for a cookie based session in Rails

I am currently using the ActiveRecord session store for my Rails application, and I have a background process that clears inactive sessions every 30 minutes.

I would like to switch to a new session store based on Rails cookies, but how do I set the session expiration time to 30 minutes, as opposed to the default “at the end of the session”?

+12
ruby-on-rails
Oct 30 '08 at 10:56
source share
6 answers

I came across this question after a conversation in the office. Just for completeness, I found that sessions can expire after a period of inactivity, and it is built into Rails. In config / environment.rb do something in the lines:

config.action_controller.session = { :key => 'whatever', :secret => 'nottellingyou', :expire_after => 30.minutes }

Discard lib / action_controller / session / cookie_store.rb # 114 for an action (apparently undocumented) in action. It looks like it has been around since switching to the stand sessions in December 2008.

+14
Jul 28 '10 at 9:24
source share

Ideally, you want to add something like this to environment.rb:

 session :session_expires => 1.day.from_now

But this will not work, because the code is run only once at the start of the APP and thus the next day all your sessions are created with expiration in the past.

I usually set session_expires for some time in the future (6 months). Then manually set and check the date of session[:expires] in before_filter on my application controller and reset the session when that date has passed.

This makes it VERY easy to add the "Remember me for ___" parameter when logging in, you just set session[:expires] = Time.now + ___

+5
Oct 30 '08 at 17:54
source share

The session options page on the Rails wiki suggests that this is only possible through the plugin:



Set session cookie expiration time

Unfortunately, Rails does not have the ability to dynamically set the expiration time of a session cookie. Therefore, it is recommended to use the following plugin, which allows you to execute it: http://blog.codahale.com/2006/04/08/dynamic-session-expiration-times-with-rails/



Of course, keep in mind that the plugin is outdated and may not work with your current version of Rails (I did not look at the specifics)

+2
Oct 30 '08 at 11:12
source share

After much pain and experimentation found in Rails 3.x, you need to set your custom session parameters to the filter after each request.

  class ApplicationController < ActionController::Base after_filter :short_session ... def short_session request.session_options = request.session_options.dup request.session_options[:expire_after] = 1.minute request.session_options.freeze end
+2
Jan 27 '13 at 4:44
source share

Use this, it works for me in rails 2.1.x:

Sliding sessions

Currently, I have cookies that expire exactly 2 weeks after a user logs in, and setting it for 30 minutes is simple.

0
Oct. 30 '08 at 19:37
source share

You can try adding the following line to the environment.rb file:

 session :session_key => 'my_session_key' session :session_expires => 1.day.from_now

Alternatively, you can set the session parameters as follows:

 ActionController::Base.session_options[:session_expires] = 1.day.from_now

I have not tested this, therefore YMMV.

-one
Oct 30 '08 at 12:12
source share


More articles:


All Articles