Rails - Dec 2007 - restful_authentication plugin + session timeout + single login session?

Hi,

I am using restful authentication plugin

1) I was wondering if there is a way to do a session timeout using the
restful_authentication.

How do I hack it to get the behaviour I need?

2) On top of that, I may need to ensure that a particular user can
only login from a single PC. If the user is already logged in at a PC
and attempts to login from another PC, the session in which he signs
in on the first PC will auto log out.


Again, I would like to know how that is possible given
restful_authentication.

Thank you all.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

The only way i know about to expire a rails session is to remove the
session key from the db (if you''re using activerecordstore) or session
files from tmp/sessions (if using file system)
You can do this with a simple rake task that you run periodically with
cron, which checks for any records/files updated_at > time.now - 20
mins and destroys them .

Something like http://pastie.caboo.se/133243


The second question requires something a bit more. You would most
likely create an extra column in the db which you could use to store
the key that matches the session, then when you log in you destroy the
previous session record.

In order to easily manipulate the session table you can create a model
called session.rb which inherits from ActiveRecord, or you can access
it directly using ......  CGI::Session::ActiveRecordStore::Session

Haven''t done this myself but there seems to be bags of information
about retrieving and manipulating session ids and data here
http://www.quarkruby.com/2007/10/21/sessions-and-cookies-in-ruby-on-rails#sactive


More information and a plugin for dynamic session expiration can be
found here:
http://blog.codahale.com/2006/04/08/dynamic-session-expiration-times-with-rails/
and general information on sessions here:
http://wiki.rubyonrails.org/rails/pages/HowtoChangeSessionOptions



On Dec 30, 1:48 pm, Kei Simone
<kimc...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hi,
>
> I am using restful authentication plugin
>
> 1) I was wondering if there is a way to do a session timeout using the
> restful_authentication.
>
> How do I hack it to get the behaviour I need?
>
> 2) On top of that, I may need to ensure that a particular user can
> only login from a single PC. If the user is already logged in at a PC
> and attempts to login from another PC, the session in which he signs
> in on the first PC will auto log out.
>
> Again, I would like to know how that is possible given
> restful_authentication.
>
> Thank you all.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---