Joerg Battermann
2007-Dec-16 23:36 UTC
restful_authentication: update of users'' attributes on every page load upon ''Remember me'' being enabled?
Hello there, I just noticed a kinda weird thing: if users log in with the ''Remember Me'' option enabled, their records in the db get updated everytime the user reloads a page, because apparently restful_authentication''s code updates the remember_token_expires_at & remember_token attributes for each page load (not only once on the actual login (from cookie). Wouldn''t it make much more sense to set this remember_token_expires_at and the corresponding token once only and that''s it? Or am I missing something? Just wanna make sure the db doesn''t get hit (writing-wise) over and over again during a users'' browsing session on the site. -J --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Ryan Bigg
2007-Dec-16 23:56 UTC
Re: restful_authentication: update of users'' attributes on every page load upon ''Remember me'' being enabled?
Say that a user spends 2 hours on one website doing stuff, and their remember token is saved only when they log in. After 2 hours they''re going to be doing something extremely critical (as all people who surf websites for 2 hours straight obviously do) and then their next action there not going to be logged in! On Dec 17, 2007 10:06 AM, Joerg Battermann <jb-0P9kJONFmSkxbLibK+HVikEOCMrvLtNR@public.gmane.org> wrote:> > Hello there, > > I just noticed a kinda weird thing: if users log in with the ''Remember > Me'' option enabled, their records in the db get updated everytime the > user reloads a page, because apparently restful_authentication''s code > updates the remember_token_expires_at & remember_token attributes for > each page load (not only once on the actual login (from cookie). > > Wouldn''t it make much more sense to set this remember_token_expires_at > and the corresponding token once only and that''s it? Or am I missing > something? > > Just wanna make sure the db doesn''t get hit (writing-wise) over and > over again during a users'' browsing session on the site. > > -J > > >-- Ryan Bigg http://www.frozenplague.net --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Joerg Battermann
2007-Dec-17 08:52 UTC
Re: restful_authentication: update of users'' attributes on every page load upon ''Remember me'' being enabled?
Ryan, well the default remember_me timeout is set to two weeks, so that shouldn''t happen & a user typically doesn''t idle on a website with his/ her browser open for 2 weeks .. well at least I hope so ;) I do understand the basic idea behind it, but just wondering whether it is really necessary this way... -J On Dec 17, 12:56 am, "Ryan Bigg" <radarliste...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Say that a user spends 2 hours on one website doing stuff, and their > remember token is saved only when they log in. After 2 hours they''re going > to be doing something extremely critical (as all people who surf websites > for 2 hours straight obviously do) and then their next action there not > going to be logged in! > > On Dec 17, 2007 10:06 AM, Joerg Battermann <j...-0P9kJONFmSkxbLibK+HVikEOCMrvLtNR@public.gmane.org> wrote: > > > > > > > Hello there, > > > I just noticed a kinda weird thing: if users log in with the ''Remember > > Me'' option enabled, their records in the db get updated everytime the > > user reloads a page, because apparently restful_authentication''s code > > updates the remember_token_expires_at & remember_token attributes for > > each page load (not only once on the actual login (from cookie). > > > Wouldn''t it make much more sense to set this remember_token_expires_at > > and the corresponding token once only and that''s it? Or am I missing > > something? > > > Just wanna make sure the db doesn''t get hit (writing-wise) over and > > over again during a users'' browsing session on the site. > > > -J > > -- > Ryan Bigghttp://www.frozenplague.net--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Possibly Parallel Threads
- restful_authentication rspec failures "Mysql::Error: Incorrect datetime value:"
- Working around/with Restful Authentication
- Where can I get "authenticate_with_http_basic"?
- "URL" model not possible?
- first app on Dreamhost with Passenger : "rails needs to know your username and password" ?